Publish Advisories

GHSA-575w-wm25-9xm6
GHSA-7hfw-r8qc-89v4
GHSA-fjwr-wg9v-64cv
GHSA-j3gx-2473-5fp8
GHSA-j4j7-vw47-rhfq
GHSA-p8q2-vcv3-j5pc
GHSA-ph5j-38mg-j6hp
GHSA-pwhr-jgh6-623q
GHSA-rv83-g57w-fr8j

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-575w-wm25-9xm6/GHSA-575w-wm25-9xm6.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-575w-wm25-9xm6",
+  "modified": "2026-03-07T00:30:29Z",
+  "published": "2026-03-07T00:30:29Z",
+  "aliases": [
+    "CVE-2026-2371"
+  ],
+  "details": "The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the `gspb_el_reusable_load()` AJAX handler. The handler accepts an arbitrary `post_id` parameter and renders the content of any `wp_block` post without checking `current_user_can('read_post', $post_id)` or verifying the post status. Combined with the nonce being exposed to unauthenticated users on any public page using the `[wp_reusable_render]` shortcode with `ajax=\"1\"`, this makes it possible for unauthenticated attackers to retrieve the rendered HTML content of private, draft, or password-protected reusable blocks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2371"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/12.7.1/settings.php#L1630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/12.7.1/settings.php#L1674"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L1674"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3465111/greenshift-animation-and-page-builder-blocks/trunk/settings.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52632b50-9755-4ebd-a1a8-587cc633debb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T00:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7hfw-r8qc-89v4/GHSA-7hfw-r8qc-89v4.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7hfw-r8qc-89v4",
+  "modified": "2026-03-07T00:30:28Z",
+  "published": "2026-03-07T00:30:28Z",
+  "aliases": [
+    "CVE-2026-27137"
+  ],
+  "details": "When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/752182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/77952"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4599"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T22:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-fjwr-wg9v-64cv/GHSA-fjwr-wg9v-64cv.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fjwr-wg9v-64cv",
+  "modified": "2026-03-07T00:30:29Z",
+  "published": "2026-03-07T00:30:29Z",
+  "aliases": [
+    "CVE-2026-1981"
+  ],
+  "details": "The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston_disconnect() function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's API connection settings via the 'winston_disconnect' AJAX action.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1981"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/winston-ai-wp/tags/0.0.3/ajax/Ajax_Admin.php#L193"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/winston-ai-wp/tags/0.0.3/ajax/Ajax_Admin.php#L38"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/winston-ai-wp/trunk/ajax/Ajax_Admin.php#L193"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/winston-ai-wp/trunk/ajax/Ajax_Admin.php#L38"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3468726%40winston-ai-wp&new=3468726%40winston-ai-wp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a82073-ab63-42dd-9bc0-d21f53a5af25?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T00:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-j3gx-2473-5fp8/GHSA-j3gx-2473-5fp8.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j3gx-2473-5fp8",
+  "modified": "2026-03-07T00:30:28Z",
+  "published": "2026-03-07T00:30:28Z",
+  "aliases": [
+    "CVE-2026-25679"
+  ],
+  "details": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/752180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/77578"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4601"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T22:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-j4j7-vw47-rhfq/GHSA-j4j7-vw47-rhfq.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j4j7-vw47-rhfq",
+  "modified": "2026-03-07T00:30:29Z",
+  "published": "2026-03-07T00:30:29Z",
+  "aliases": [
+    "CVE-2026-27142"
+  ],
+  "details": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/752081"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/77954"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4603"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T22:16:01Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-p8q2-vcv3-j5pc/GHSA-p8q2-vcv3-j5pc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p8q2-vcv3-j5pc",
+  "modified": "2026-03-07T00:30:29Z",
+  "published": "2026-03-07T00:30:29Z",
+  "aliases": [
+    "CVE-2026-1644"
+  ],
+  "details": "The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1644"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/tags/1.3.8/functions/wpfep-functions.php#L987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/trunk/functions/wpfep-functions.php#L987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3466608%40wp-front-end-profile&new=3466608%40wp-front-end-profile&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74b186fd-5825-4a20-829b-6b8a5ddbe853?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T00:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-ph5j-38mg-j6hp/GHSA-ph5j-38mg-j6hp.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-ph5j-38mg-j6hp",
+  "modified": "2026-03-07T00:30:28Z",
+  "published": "2026-03-07T00:30:28Z",
+  "aliases": [
+    "CVE-2026-27138"
+  ],
+  "details": "Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/752183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/77953"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4600"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T22:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-pwhr-jgh6-623q/GHSA-pwhr-jgh6-623q.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pwhr-jgh6-623q",
+  "modified": "2026-03-07T00:30:29Z",
+  "published": "2026-03-07T00:30:29Z",
+  "aliases": [
+    "CVE-2026-3233"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3233"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T23:16:07Z"
+  }
+}