Skip to content

Commit 4cf49cf

Browse files
1 parent 346733a commit 4cf49cf

9 files changed

Lines changed: 474 additions & 2 deletions

File tree

advisories/unreviewed/2023/06/GHSA-6q68-2qq3-8c3h/GHSA-6q68-2qq3-8c3h.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6q68-2qq3-8c3h",
4-
"modified": "2024-04-04T04:46:33Z",
4+
"modified": "2026-05-22T09:31:27Z",
55
"published": "2023-06-13T12:30:18Z",
66
"aliases": [
77
"CVE-2023-3050"
88
],
9-
"details": "Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.\n\n",
9+
"details": "Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.",
1010
"severity": [
1111
{
1212
"type": "CVSS_V3",
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-273r-585g-q7wv",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-7636"
8+
],
9+
"details": "The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration authored by administrators or editors.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7636"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/tags/2.8.1/includes/global/posttype.php#L125"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/tags/2.8.1/includes/global/posttype.php#L177"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/tags/2.8.1/includes/global/posttype.php#L90"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/trunk/includes/global/posttype.php#L125"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/trunk/includes/global/posttype.php#L177"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/soliloquy-lite/trunk/includes/global/posttype.php#L90"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset/3538404/soliloquy-lite/trunk/includes/global/posttype.php?old=3395148&old_path=soliloquy-lite%2Ftrunk%2Fincludes%2Fglobal%2Fposttype.php"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54115a9a-dadd-4f18-a139-02ec89f0a571?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-200"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-22T09:16:32Z"
63+
}
64+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-92j9-vfpr-4xhf",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-8692"
8+
],
9+
"details": "The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the structure of any form — adding, removing, or altering fields — by writing attacker-controlled data to the plugin's FORMS database table. The 'ajax-nonce' nonce used by this handler is injected into the public frontend via wp_localize_script(), so any authenticated user who visits a page containing a form shortcode can obtain it without any elevated access.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8692"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.0.0/admin/class-registration-form-builder-admin.php#L866"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.0.0/includes/class-registration-form-builder.php#L174"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.0.0/public/class-registration-form-builder-public.php#L121"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.1.1/admin/class-registration-form-builder-admin.php#L866"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.1.1/includes/class-registration-form-builder.php#L174"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/vedrixa-forms-registration-builder/tags/1.1.1/public/class-registration-form-builder-public.php#L121"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3540543%40vedrixa-forms-registration-builder&new=3540543%40vedrixa-forms-registration-builder&sfp_email=&sfph_mail="
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3b8a6c-1c84-4abe-ad4a-02302b04987b?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-862"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-22T09:16:33Z"
63+
}
64+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hg7j-7v3f-fjq2",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-9011"
8+
],
9+
"details": "The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to retrieve the full item content of non-public Dittys — including drafts, pending, scheduled, and disabled entries — by enumerating integer post IDs against the ditty_init AJAX endpoint. Unlike the non-AJAX init() counterpart, init_ajax() does not verify that the requested Ditty has a 'publish' post status before loading and returning its items, allowing content that administrators explicitly withheld from public view to be extracted.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9011"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.64/includes/class-ditty-scripts.php#L463"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.64/includes/class-ditty-singles.php#L220"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.64/includes/class-ditty-singles.php#L33"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.65/includes/class-ditty-scripts.php#L463"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.65/includes/class-ditty-singles.php#L220"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/ditty-news-ticker/tags/3.1.65/includes/class-ditty-singles.php#L33"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3538064%40ditty-news-ticker&new=3538064%40ditty-news-ticker&sfp_email=&sfph_mail="
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49fe8e8b-95fa-4c25-89cf-49566543206c?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-862"
58+
],
59+
"severity": "HIGH",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-22T09:16:33Z"
63+
}
64+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hvqp-vjwf-27jg",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-8679"
8+
],
9+
"details": "The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite rule and returning playlist track data without performing any authentication, capability, or post_status check — only the post_type is validated. This makes it possible for unauthenticated attackers to view track metadata (titles, artists, audio URLs, buy links, download URLs, and cover images) of any playlist on the site, including those in draft, private, pending, or trash status.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8679"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/cssigniter/audioigniter/commit/35a0508583c26c01b6ac446404ad6fe1d440d8d4"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1257"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1263"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1315"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe573d64-036e-4f6f-bcc1-5183bb9ad2b9?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-639"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-05-22T09:16:32Z"
51+
}
52+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jrc7-p252-6hpq",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-7615"
8+
],
9+
"details": "The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save_widget_context_settings function. This makes it possible for unauthenticated attackers to modify widget visibility context settings stored in the WordPress options table via a forged POST request to /wp-admin/widgets.php via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7615"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/kasparsd/widget-context-wporg/pull/73"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/tags/1.3.3/src/WidgetContext.php#L282"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/tags/1.3.3/src/WidgetContext.php#L311"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/tags/1.3.3/src/WidgetContext.php#L91"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/trunk/src/WidgetContext.php#L282"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/trunk/src/WidgetContext.php#L311"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/browser/widget-context/trunk/src/WidgetContext.php#L91"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c434637-4bf9-46ee-9a6d-35eab7ef11a1?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-352"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-22T09:16:32Z"
63+
}
64+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-pq4x-338r-cq3h",
4+
"modified": "2026-05-22T09:31:28Z",
5+
"published": "2026-05-22T09:31:28Z",
6+
"aliases": [
7+
"CVE-2026-7798"
8+
],
9+
"details": "The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires that the SES bounce handling key ('_fc_bounce_key') has never been stored (i.e., the site is in its default/unconfigured state with respect to SES bounce handling) as visiting the bounce configuration page auto-generates and stores a random key that causes the authentication check to evaluate correctly and reject unauthenticated requests.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7798"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/tags/2.9.87/app/Hooks/Handlers/ExternalPages.php#L113"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/tags/2.9.87/app/Hooks/Handlers/ExternalPages.php#L85"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/tags/2.9.87/app/Hooks/Handlers/ExternalPages.php#L87"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/trunk/app/Hooks/Handlers/ExternalPages.php#L113"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/trunk/app/Hooks/Handlers/ExternalPages.php#L85"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/fluent-crm/trunk/app/Hooks/Handlers/ExternalPages.php#L87"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3532271%40fluent-crm&new=3532271%40fluent-crm&sfp_email=&sfph_mail="
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c3ca2d7-7af9-401f-bc5a-1796c6253cb0?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-918"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-22T09:16:32Z"
63+
}
64+
}

0 commit comments

Comments
 (0)