Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-22f9-qcfx-q3w3/GHSA-22f9-qcfx-q3w3.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22f9-qcfx-q3w3",
+  "modified": "2026-03-05T06:30:31Z",
+  "published": "2026-03-05T06:30:31Z",
+  "aliases": [
+    "CVE-2026-2418"
+  ],
+  "details": "The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2418"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/b25c6cbc-39e7-4fa0-af0b-ee7759d2c497"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-23v6-32v8-5cg2/GHSA-23v6-32v8-5cg2.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23v6-32v8-5cg2",
+  "modified": "2026-03-05T06:30:23Z",
+  "published": "2026-03-05T06:30:23Z",
+  "aliases": [
+    "CVE-2026-22387"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through <= 2.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22387"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/aviana/vulnerability/wordpress-aviana-theme-2-1-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-27g6-6w79-qh7m/GHSA-27g6-6w79-qh7m.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27g6-6w79-qh7m",
+  "modified": "2026-03-05T06:30:26Z",
+  "published": "2026-03-05T06:30:26Z",
+  "aliases": [
+    "CVE-2026-27406"
+  ],
+  "details": "Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through <= 2.1.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27406"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/my-tickets/vulnerability/wordpress-my-tickets-plugin-2-1-0-sensitive-data-exposure-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-201"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:28Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2876-qmcj-r79h/GHSA-2876-qmcj-r79h.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2876-qmcj-r79h",
+  "modified": "2026-03-05T06:30:23Z",
+  "published": "2026-03-05T06:30:23Z",
+  "aliases": [
+    "CVE-2026-22410"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affects Dolcino: from n/a through <= 1.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22410"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/dolcino/vulnerability/wordpress-dolcino-theme-1-6-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-28m7-2rmv-hwqr/GHSA-28m7-2rmv-hwqr.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28m7-2rmv-hwqr",
+  "modified": "2026-03-05T06:30:26Z",
+  "published": "2026-03-05T06:30:26Z",
+  "aliases": [
+    "CVE-2026-27411"
+  ],
+  "details": "Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27411"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/siteguard/vulnerability/wordpress-siteguard-wp-plugin-plugin-1-7-9-captcha-bypass-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-804"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:29Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-29m5-ghm3-6rpq/GHSA-29m5-ghm3-6rpq.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29m5-ghm3-6rpq",
+  "modified": "2026-03-05T06:30:24Z",
+  "published": "2026-03-05T06:30:24Z",
+  "aliases": [
+    "CVE-2026-22439"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This issue affects Green Planet: from n/a through <= 1.1.14.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22439"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/green-planet/vulnerability/wordpress-green-planet-theme-1-1-14-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:18Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-29qh-jw3j-7gwj/GHSA-29qh-jw3j-7gwj.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29qh-jw3j-7gwj",
+  "modified": "2026-03-05T06:30:28Z",
+  "published": "2026-03-05T06:30:28Z",
+  "aliases": [
+    "CVE-2026-28038"
+  ],
+  "details": "Missing Authorization vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through <= 3.21.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/ultimate_vc_addons/vulnerability/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-21-1-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:36Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2c4c-5wf5-f8m7/GHSA-2c4c-5wf5-f8m7.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2c4c-5wf5-f8m7",
+  "modified": "2026-03-05T06:30:25Z",
+  "published": "2026-03-05T06:30:25Z",
+  "aliases": [
+    "CVE-2026-27352"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through <= 2.1.9.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/starto/vulnerability/wordpress-starto-theme-2-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2hg2-rq96-788r/GHSA-2hg2-rq96-788r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hg2-rq96-788r",
+  "modified": "2026-03-05T06:30:25Z",
+  "published": "2026-03-05T06:30:25Z",
+  "aliases": [
+    "CVE-2026-22501"
+  ],
+  "details": "Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22501"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/mounthood/vulnerability/wordpress-mounthood-theme-1-3-2-php-object-injection-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:21Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2hqj-54fh-m5xp/GHSA-2hqj-54fh-m5xp.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hqj-54fh-m5xp",
+  "modified": "2026-03-05T06:30:24Z",
+  "published": "2026-03-05T06:30:24Z",
+  "aliases": [
+    "CVE-2026-22453"
+  ],
+  "details": "Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22453"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/petclub/vulnerability/wordpress-pets-club-theme-2-3-php-object-injection-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T06:16:19Z"
+  }
+}