Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-2fpf-9qrw-vj6r/GHSA-2fpf-9qrw-vj6r.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fpf-9qrw-vj6r",
-  "modified": "2024-02-01T06:31:04Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-01-27T00:31:23Z",
   "aliases": [
     "CVE-2024-23506"
   ],
-  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.\n\n",
+  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,14 +19,19 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23506"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-200"
+      "CWE-200",
+      "CWE-201"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/01/GHSA-893r-3jv5-xxp5/GHSA-893r-3jv5-xxp5.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-893r-3jv5-xxp5",
-  "modified": "2024-01-31T18:31:27Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-01-31T18:31:27Z",
   "aliases": [
     "CVE-2024-22289"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS.This issue affects Post views Stats: from n/a through 1.3.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS.This issue affects Post views Stats: from n/a through 1.3.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22289"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/post-views-stats/vulnerability/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2024/01/GHSA-jgqm-9prw-2qr6/GHSA-jgqm-9prw-2qr6.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jgqm-9prw-2qr6",
-  "modified": "2024-02-05T21:30:31Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-01-31T12:30:18Z",
   "aliases": [
     "CVE-2024-23507"
   ],
-  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.\n\n",
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23507"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-9-sql-injection-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sql-injection-vulnerability?_s_id=cve"

advisories/unreviewed/2024/01/GHSA-qr6c-pgxx-rqc6/GHSA-qr6c-pgxx-rqc6.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qr6c-pgxx-rqc6",
-  "modified": "2024-01-31T18:31:26Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-01-31T18:31:26Z",
   "aliases": [
     "CVE-2024-22307"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22307"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/wp-lister-for-ebay/vulnerability/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2024/02/GHSA-j4j6-xqv7-cqrg/GHSA-j4j6-xqv7-cqrg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j4j6-xqv7-cqrg",
-  "modified": "2025-04-01T15:31:20Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-02-29T03:33:18Z",
   "aliases": [
     "CVE-2024-25932"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25932"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/change-table-prefix/vulnerability/wordpress-change-table-prefix-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/change-table-prefix/wordpress-change-table-prefix-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"

advisories/unreviewed/2024/02/GHSA-qpxm-8xgh-55mq/GHSA-qpxm-8xgh-55mq.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qpxm-8xgh-55mq",
-  "modified": "2024-02-10T09:30:20Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-02-10T09:30:20Z",
   "aliases": [
     "CVE-2024-24831"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24831"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/premium-addons-for-elementor/vulnerability/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2024/02/GHSA-qv48-h28r-v6rp/GHSA-qv48-h28r-v6rp.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qv48-h28r-v6rp",
-  "modified": "2024-02-29T06:30:32Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-02-29T06:30:32Z",
   "aliases": [
     "CVE-2024-1435"
   ],
-  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6.\n\n",
+  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,14 +19,19 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1435"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/tainacan/vulnerability/wordpress-tainacan-plugin-0-20-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-200"
+      "CWE-200",
+      "CWE-201"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2024/02/GHSA-r9gf-3xf2-q7x5/GHSA-r9gf-3xf2-q7x5.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r9gf-3xf2-q7x5",
-  "modified": "2024-02-08T15:30:27Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-02-08T15:30:27Z",
   "aliases": [
     "CVE-2024-24878"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24878"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/portugal-ctt-tracking-woocommerce/vulnerability/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2024/02/GHSA-w8m7-jp57-83vr/GHSA-w8m7-jp57-83vr.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w8m7-jp57-83vr",
-  "modified": "2024-02-08T15:30:27Z",
+  "modified": "2026-04-01T18:31:41Z",
   "published": "2024-02-08T15:30:27Z",
   "aliases": [
     "CVE-2024-24871"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24871"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Theme/blocksy/vulnerability/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve"

advisories/unreviewed/2024/03/GHSA-2f24-2p7m-g432/GHSA-2f24-2p7m-g432.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2f24-2p7m-g432",
-  "modified": "2024-03-19T15:30:35Z",
+  "modified": "2026-04-01T18:31:42Z",
   "published": "2024-03-19T15:30:35Z",
   "aliases": [
     "CVE-2024-29125"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS.This issue affects Coupon Affiliates: from n/a through 5.12.7.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS.This issue affects Coupon Affiliates: from n/a through 5.12.7.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29125"
     },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/woo-coupon-usage/vulnerability/wordpress-coupon-affiliates-plugin-5-12-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-12-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"