Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-4x9x-w43j-xc8w/GHSA-4x9x-w43j-xc8w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4x9x-w43j-xc8w",
-  "modified": "2022-05-24T19:21:14Z",
+  "modified": "2026-01-23T15:31:33Z",
   "published": "2022-05-24T19:21:14Z",
   "aliases": [
     "CVE-2021-24713"
   ],
   "details": "The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2024/11/GHSA-4h3w-cwc4-8rm4/GHSA-4h3w-cwc4-8rm4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4h3w-cwc4-8rm4",
-  "modified": "2024-11-11T06:30:34Z",
+  "modified": "2026-01-23T15:31:33Z",
   "published": "2024-11-11T06:30:34Z",
   "aliases": [
     "CVE-2024-51791"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51791"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-51791"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/forms-by-made-it/wordpress-forms-plugin-2-8-0-arbitrary-file-upload-vulnerability?_s_id=cve"

advisories/unreviewed/2025/05/GHSA-h2mm-jj4p-hm2p/GHSA-h2mm-jj4p-hm2p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h2mm-jj4p-hm2p",
-  "modified": "2026-01-22T21:33:42Z",
+  "modified": "2026-01-23T15:31:34Z",
   "published": "2025-05-22T00:34:03Z",
   "aliases": [
     "CVE-2025-34026"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
     },
+    {
+      "type": "WEB",
+      "url": "https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e"
+    },
     {
       "type": "WEB",
       "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"

advisories/unreviewed/2026/01/GHSA-274q-qxhh-9h7p/GHSA-274q-qxhh-9h7p.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-274q-qxhh-9h7p",
+  "modified": "2026-01-23T15:31:35Z",
+  "published": "2026-01-23T15:31:35Z",
+  "aliases": [
+    "CVE-2026-24529"
+  ],
+  "details": "Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/quick-restaurant-reservations/vulnerability/wordpress-quick-restaurant-reservations-plugin-1-6-7-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:08Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2mm7-c9cw-wf2r/GHSA-2mm7-c9cw-wf2r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mm7-c9cw-wf2r",
+  "modified": "2026-01-23T15:31:37Z",
+  "published": "2026-01-23T15:31:37Z",
+  "aliases": [
+    "CVE-2026-24571"
+  ],
+  "details": "Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24571"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/box-now-delivery/vulnerability/wordpress-box-now-delivery-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:15Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2rfr-c32c-x6p3/GHSA-2rfr-c32c-x6p3.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rfr-c32c-x6p3",
+  "modified": "2026-01-23T15:31:37Z",
+  "published": "2026-01-23T15:31:37Z",
+  "aliases": [
+    "CVE-2026-24576"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24576"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/ux-flat/vulnerability/wordpress-ux-flat-plugin-5-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:15Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-343j-9r8x-295r/GHSA-343j-9r8x-295r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-343j-9r8x-295r",
+  "modified": "2026-01-23T15:31:35Z",
+  "published": "2026-01-23T15:31:35Z",
+  "aliases": [
+    "CVE-2026-24532"
+  ],
+  "details": "Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24532"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/sitelock/vulnerability/wordpress-sitelock-security-plugin-5-0-2-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:09Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-382j-74x3-hwj5/GHSA-382j-74x3-hwj5.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-382j-74x3-hwj5",
+  "modified": "2026-01-23T15:31:36Z",
+  "published": "2026-01-23T15:31:36Z",
+  "aliases": [
+    "CVE-2026-24538"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/omnipress/vulnerability/wordpress-omnipress-plugin-1-6-6-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:09Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-387g-7jpp-vpxj/GHSA-387g-7jpp-vpxj.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-387g-7jpp-vpxj",
+  "modified": "2026-01-23T15:31:38Z",
+  "published": "2026-01-23T15:31:38Z",
+  "aliases": [
+    "CVE-2026-24620"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24620"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/page-builder-add/vulnerability/wordpress-landing-page-builder-plugin-1-5-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:21Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3hhg-38p8-799x/GHSA-3hhg-38p8-799x.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3hhg-38p8-799x",
+  "modified": "2026-01-23T15:31:38Z",
+  "published": "2026-01-23T15:31:38Z",
+  "aliases": [
+    "CVE-2026-24621"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24621"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/Wordpress/Plugin/terms-descriptions/vulnerability/wordpress-terms-descriptions-plugin-3-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-23T15:16:21Z"
+  }
+}