Publish Advisories

GHSA-263f-2q4p-95qq
GHSA-3fcv-p6qc-8gvx
GHSA-5v87-p3g9-j392
GHSA-7crm-7p4w-3558
GHSA-hxj3-376r-rjpw
GHSA-jxx9-cx33-fcm4
GHSA-mp4c-mj8p-8mjm
GHSA-rhw5-wqw8-cv94

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-263f-2q4p-95qq/GHSA-263f-2q4p-95qq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-263f-2q4p-95qq",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37339"
   ],
   "details": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:36Z"

advisories/unreviewed/2026/04/GHSA-3fcv-p6qc-8gvx/GHSA-3fcv-p6qc-8gvx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3fcv-p6qc-8gvx",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37342"
   ],
   "details": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:37Z"

advisories/unreviewed/2026/04/GHSA-5v87-p3g9-j392/GHSA-5v87-p3g9-j392.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5v87-p3g9-j392",
+  "modified": "2026-04-18T03:31:06Z",
+  "published": "2026-04-18T03:31:06Z",
+  "aliases": [
+    "CVE-2026-1559"
+  ],
+  "details": "The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1559"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-18T02:16:11Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7crm-7p4w-3558/GHSA-7crm-7p4w-3558.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7crm-7p4w-3558",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37344"
   ],
   "details": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:37Z"

advisories/unreviewed/2026/04/GHSA-hxj3-376r-rjpw/GHSA-hxj3-376r-rjpw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hxj3-376r-rjpw",
-  "modified": "2026-04-16T15:31:33Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37343"
   ],
   "details": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:37Z"

advisories/unreviewed/2026/04/GHSA-jxx9-cx33-fcm4/GHSA-jxx9-cx33-fcm4.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jxx9-cx33-fcm4",
+  "modified": "2026-04-18T03:31:06Z",
+  "published": "2026-04-18T03:31:06Z",
+  "aliases": [
+    "CVE-2026-1838"
+  ],
+  "details": "The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1838"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-18T02:16:11Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-mp4c-mj8p-8mjm/GHSA-mp4c-mj8p-8mjm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mp4c-mj8p-8mjm",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37340"
   ],
   "details": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:36Z"

advisories/unreviewed/2026/04/GHSA-rhw5-wqw8-cv94/GHSA-rhw5-wqw8-cv94.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rhw5-wqw8-cv94",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-18T03:31:05Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37341"
   ],
   "details": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:37Z"