Publish Advisories

GHSA-4595-c58r-mv75
GHSA-4cw3-p22h-w3h8
GHSA-57vv-vqrh-49wx
GHSA-fm3m-r2wp-895q
GHSA-gfm6-fcx7-chmc
GHSA-p235-gwp9-pfq6
GHSA-p3gr-x272-xrcv
GHSA-qv3m-qhpr-9vhh
GHSA-r5vg-x4f7-h9jr
GHSA-rw6w-6q2w-c8g8
GHSA-wwmc-gh3w-x32h

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-4595-c58r-mv75/GHSA-4595-c58r-mv75.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4595-c58r-mv75",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28561"
+  ],
+  "details": "wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event handlers that execute when any user views the forum listing.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28561"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-forum-stored-xss-via-unescaped-forum-description-in-templates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4cw3-p22h-w3h8/GHSA-4cw3-p22h-w3h8.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4cw3-p22h-w3h8",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-3377"
+  ],
+  "details": "A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/F453/vul_77/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.348262"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.348262"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.759624"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-01T00:16:17Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-57vv-vqrh-49wx/GHSA-57vv-vqrh-49wx.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-57vv-vqrh-49wx",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28554"
+  ],
+  "details": "wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation controls entirely.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28554"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-forum-missing-authorization-via-post-approval-ajax-handler"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-fm3m-r2wp-895q/GHSA-fm3m-r2wp-895q.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fm3m-r2wp-895q",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28562"
+  ],
+  "details": "wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-sql-injection-via-topics-order-by-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-gfm6-fcx7-chmc/GHSA-gfm6-fcx7-chmc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gfm6-fcx7-chmc",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28557"
+  ],
+  "details": "wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then remap all wpForo usergroups to arbitrary WordPress roles.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28557"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-forum-privilege-escalation-via-role-synchronization-handler"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-p235-gwp9-pfq6/GHSA-p235-gwp9-pfq6.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p235-gwp9-pfq6",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28558"
+  ],
+  "details": "wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the browsers of any user who views the attacker's profile page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-forum-stored-xss-via-svg-avatar-file-upload"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-p3gr-x272-xrcv/GHSA-p3gr-x272-xrcv.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p3gr-x272-xrcv",
+  "modified": "2026-03-01T00:30:14Z",
+  "published": "2026-03-01T00:30:14Z",
+  "aliases": [
+    "CVE-2026-28555"
+  ],
+  "details": "wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28555"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpforo/#developers"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wpforo-forum-missing-authorization-via-topic-close-ajax-handler"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-28T22:16:02Z"
+  }
+}