Publish Advisories

GHSA-2vv2-mqg3-3j3p
GHSA-2w66-j4vc-q66r
GHSA-39hw-jm9g-6r53
GHSA-58qr-v987-vh6w
GHSA-59w9-v569-xqc3
GHSA-5rfm-3pqq-3xm3
GHSA-6963-573w-vxvf
GHSA-6m7m-cxf3-4phv
GHSA-8gh3-66fr-4rwm
GHSA-96gq-6mq2-hjpw
GHSA-98q5-g3r5-8vrg
GHSA-cc45-j295-8r3r
GHSA-cfxx-jfwh-m66r
GHSA-cpmh-vq2q-hhp7
GHSA-g85c-6q3h-m8pv
GHSA-g8cg-xh22-8v5v
GHSA-hxcx-9gwg-xxw5
GHSA-m75r-w8f2-6h95
GHSA-p529-4vj7-h7jm
GHSA-qv7p-c5xp-q3hh
GHSA-x2p4-4cw9-m5ch

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2vv2-mqg3-3j3p/GHSA-2vv2-mqg3-3j3p.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vv2-mqg3-3j3p",
+  "modified": "2026-03-26T06:30:20Z",
+  "published": "2026-03-26T06:30:20Z",
+  "aliases": [
+    "CVE-2026-4075"
+  ],
+  "details": "The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sbox_id', 'sbox_class', 'placeholder', 'highlight_color', 'highlight_bg', and 'cont_ext_class'. These attributes are directly interpolated into HTML element attributes without any esc_attr() escaping in the baf_sbox() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4075"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/tags/1.1.1/includes/shortcodes/baf_faq_list.php#L46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/tags/1.1.1/includes/shortcodes/baf_faq_list.php#L73"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/tags/1.1.1/includes/shortcodes/baf_faq_list.php#L75"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/trunk/includes/shortcodes/baf_faq_list.php#L46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/trunk/includes/shortcodes/baf_faq_list.php#L73"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/bwl-advanced-faq-manager-lite/trunk/includes/shortcodes/baf_faq_list.php#L75"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3487104%40bwl-advanced-faq-manager-lite&new=3487104%40bwl-advanced-faq-manager-lite&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef01f05a-ed5a-4278-acab-029c58242cf2?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T04:17:12Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2w66-j4vc-q66r/GHSA-2w66-j4vc-q66r.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w66-j4vc-q66r",
+  "modified": "2026-03-26T06:30:21Z",
+  "published": "2026-03-26T06:30:21Z",
+  "aliases": [
+    "CVE-2026-4839"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4839"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_9.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.776082"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T04:17:15Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-39hw-jm9g-6r53/GHSA-39hw-jm9g-6r53.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-39hw-jm9g-6r53",
+  "modified": "2026-03-26T06:30:21Z",
+  "published": "2026-03-26T06:30:21Z",
+  "aliases": [
+    "CVE-2026-4845"
+  ],
+  "details": "A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4845"
+    },
+    {
+      "type": "WEB",
+      "url": "https://thinhneee.github.io/posts/muucmf-xss"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.776174"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T06:16:09Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-58qr-v987-vh6w/GHSA-58qr-v987-vh6w.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58qr-v987-vh6w",
-  "modified": "2026-03-26T03:30:28Z",
+  "modified": "2026-03-26T06:30:19Z",
   "published": "2026-03-26T03:30:28Z",
   "aliases": [
     "CVE-2014-125112"
@@ -21,6 +21,10 @@
     {
       "type": "WEB",
       "url": "https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/26/2"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-59w9-v569-xqc3/GHSA-59w9-v569-xqc3.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-59w9-v569-xqc3",
+  "modified": "2026-03-26T06:30:21Z",
+  "published": "2026-03-26T06:30:21Z",
+  "aliases": [
+    "CVE-2026-4841"
+  ],
+  "details": "A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4841"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/HxH404/ed090db972001ba535202fd4f5b6a0b5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.776130"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T05:16:41Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5rfm-3pqq-3xm3/GHSA-5rfm-3pqq-3xm3.json

@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5rfm-3pqq-3xm3",
+  "modified": "2026-03-26T06:30:21Z",
+  "published": "2026-03-26T06:30:21Z",
+  "aliases": [
+    "CVE-2026-4281"
+  ],
+  "details": "The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect() and listen_for_tokens() methods of the FormLift_Infusionsoft_Manager class, both of which are hooked to 'plugins_loaded' and execute on every page load. The connect() function generates an OAuth connection password and leaks it in the redirect Location header without verifying the requesting user is authenticated or authorized. The listen_for_tokens() function only validates the temporary password but performs no user authentication before calling update_option() to save attacker-controlled OAuth tokens and app domain. This makes it possible for unauthenticated attackers to hijack the site's Infusionsoft connection by first triggering the OAuth flow to obtain the temporary password, then using that password to set arbitrary OAuth tokens and app domain via update_option(), effectively redirecting the plugin's API communication to an attacker-controlled server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4281"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/tags/7.5.21/modules/api/infusionsoft-manager.php#L21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/tags/7.5.21/modules/api/infusionsoft-manager.php#L46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/tags/7.5.21/modules/api/infusionsoft-manager.php#L62"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/tags/7.5.21/modules/api/infusionsoft-manager.php#L64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/trunk/modules/api/infusionsoft-manager.php#L21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/trunk/modules/api/infusionsoft-manager.php#L46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/trunk/modules/api/infusionsoft-manager.php#L62"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/formlift/trunk/modules/api/infusionsoft-manager.php#L64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3490212%40formlift&new=3490212%40formlift&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a65cc674-a0ea-46b9-b609-b184e1f7ca8e?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T05:16:40Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6963-573w-vxvf/GHSA-6963-573w-vxvf.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6963-573w-vxvf",
+  "modified": "2026-03-26T06:30:21Z",
+  "published": "2026-03-26T06:30:21Z",
+  "aliases": [
+    "CVE-2026-1206"
+  ],
+  "details": "The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error in the is_allowed_to_read_template() function permission check that treats non-published templates as readable without verifying edit capabilities. This makes it possible for authenticated attackers, with contributor-level access and above, to read private or draft Elementor template content via the 'template_id' supplied to the 'get_template_data' action of the 'elementor_ajax' endpoint.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1206"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3489160/elementor/trunk/includes/template-library/sources/local.php?old=3473768&old_path=elementor%2Ftrunk%2Fincludes%2Ftemplate-library%2Fsources%2Flocal.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4420935-4952-4460-afc2-1c6df6965b3d?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T06:16:09Z"
+  }
+}