Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit d32769a87b14 · 2026-03-20T06:33:36.000Z
GHSA-434r-hj47-rpjj GHSA-6m37-cw4q-hwm8 GHSA-87cg-cvxg-vphq GHSA-8f2c-v2vv-hc2c GHSA-chw2-hf2j-p9xc GHSA-j468-h552-9vxq GHSA-mpcm-qq2w-h84c GHSA-r5qw-69f6-29j2
diff --git a/advisories/unreviewed/2026/03/GHSA-434r-hj47-rpjj/GHSA-434r-hj47-rpjj.json b/advisories/unreviewed/2026/03/GHSA-434r-hj47-rpjj/GHSA-434r-hj47-rpjj.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-434r-hj47-rpjj",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4136"
+  ],
+  "details": "The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4136"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-640"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T04:16:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-6m37-cw4q-hwm8/GHSA-6m37-cw4q-hwm8.json b/advisories/unreviewed/2026/03/GHSA-6m37-cw4q-hwm8/GHSA-6m37-cw4q-hwm8.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6m37-cw4q-hwm8",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4038"
+  ],
+  "details": "The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codecanyon.net/item/aimogen-pro-allinone-ai-content-writer-editor-chatbot-automation-toolkit/38877369"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e45a17-cb41-41ba-ab6c-c83202f0ecfd?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T04:16:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-87cg-cvxg-vphq/GHSA-87cg-cvxg-vphq.json b/advisories/unreviewed/2026/03/GHSA-87cg-cvxg-vphq/GHSA-87cg-cvxg-vphq.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-87cg-cvxg-vphq",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4471"
+  ],
+  "details": "A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argument First_Name can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4471"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/microwaveabi/vul/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.773939"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T05:16:16Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-8f2c-v2vv-hc2c/GHSA-8f2c-v2vv-hc2c.json b/advisories/unreviewed/2026/03/GHSA-8f2c-v2vv-hc2c/GHSA-8f2c-v2vv-hc2c.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8f2c-v2vv-hc2c",
+  "modified": "2026-03-20T06:31:34Z",
+  "published": "2026-03-20T06:31:34Z",
+  "aliases": [
+    "CVE-2026-4473"
+  ],
+  "details": "A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointment_id results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4473"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sjkdhl/public/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.772883"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T06:16:12Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-chw2-hf2j-p9xc/GHSA-chw2-hf2j-p9xc.json b/advisories/unreviewed/2026/03/GHSA-chw2-hf2j-p9xc/GHSA-chw2-hf2j-p9xc.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-chw2-hf2j-p9xc",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4470"
+  ],
+  "details": "A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4470"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sjkdhl/public/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.772882"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T05:16:16Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-j468-h552-9vxq/GHSA-j468-h552-9vxq.json b/advisories/unreviewed/2026/03/GHSA-j468-h552-9vxq/GHSA-j468-h552-9vxq.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j468-h552-9vxq",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4472"
+  ],
+  "details": "A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4472"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rockycheng1/cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351762"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351762"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775207"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T05:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-mpcm-qq2w-h84c/GHSA-mpcm-qq2w-h84c.json b/advisories/unreviewed/2026/03/GHSA-mpcm-qq2w-h84c/GHSA-mpcm-qq2w-h84c.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mpcm-qq2w-h84c",
+  "modified": "2026-03-20T06:31:33Z",
+  "published": "2026-03-20T06:31:33Z",
+  "aliases": [
+    "CVE-2026-4468"
+  ],
+  "details": "A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4468"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_4.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.772878"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-20T04:16:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-r5qw-69f6-29j2/GHSA-r5qw-69f6-29j2.json b/advisories/unreviewed/2026/03/GHSA-r5qw-69f6-29j2/GHSA-r5qw-69f6-29j2.json
