Publish Advisories

GHSA-wvhq-3h88-rf6g
GHSA-58qh-jxh9-rvp5
GHSA-62xf-gv4m-h3vc
GHSA-gvgc-7vpx-c4jp
GHSA-h886-6wvm-63qx
GHSA-hwjj-g6g7-p8cf
GHSA-jhr5-g8vv-6x3q
GHSA-jmvf-vwrm-vhw5
GHSA-jv85-6mgr-3w99

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-wvhq-3h88-rf6g/GHSA-wvhq-3h88-rf6g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wvhq-3h88-rf6g",
-  "modified": "2026-01-29T15:30:27Z",
+  "modified": "2026-02-26T00:31:23Z",
   "published": "2026-01-27T18:32:15Z",
   "aliases": [
     "CVE-2025-15467"
@@ -46,6 +46,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/02/25/6"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-58qh-jxh9-rvp5/GHSA-58qh-jxh9-rvp5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58qh-jxh9-rvp5",
-  "modified": "2026-02-20T18:31:34Z",
+  "modified": "2026-02-26T00:31:23Z",
   "published": "2026-02-20T18:31:34Z",
   "aliases": [
     "CVE-2025-67969"
   ],
   "details": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:03Z"

advisories/unreviewed/2026/02/GHSA-62xf-gv4m-h3vc/GHSA-62xf-gv4m-h3vc.json

@@ -33,7 +33,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-824"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/02/GHSA-gvgc-7vpx-c4jp/GHSA-gvgc-7vpx-c4jp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gvgc-7vpx-c4jp",
-  "modified": "2026-02-20T18:31:33Z",
+  "modified": "2026-02-26T00:31:23Z",
   "published": "2026-02-20T18:31:33Z",
   "aliases": [
     "CVE-2025-67547"
   ],
   "details": "Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:02Z"

advisories/unreviewed/2026/02/GHSA-h886-6wvm-63qx/GHSA-h886-6wvm-63qx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h886-6wvm-63qx",
-  "modified": "2026-02-20T18:31:34Z",
+  "modified": "2026-02-26T00:31:23Z",
   "published": "2026-02-20T18:31:34Z",
   "aliases": [
     "CVE-2025-67998"
   ],
   "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-288"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:06Z"

advisories/unreviewed/2026/02/GHSA-hwjj-g6g7-p8cf/GHSA-hwjj-g6g7-p8cf.json

@@ -34,6 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-457",
       "CWE-908"
     ],
     "severity": "CRITICAL",

advisories/unreviewed/2026/02/GHSA-jhr5-g8vv-6x3q/GHSA-jhr5-g8vv-6x3q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jhr5-g8vv-6x3q",
-  "modified": "2026-02-20T18:31:34Z",
+  "modified": "2026-02-26T00:31:23Z",
   "published": "2026-02-20T18:31:34Z",
   "aliases": [
     "CVE-2025-67973"
   ],
   "details": "Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:03Z"

advisories/unreviewed/2026/02/GHSA-jmvf-vwrm-vhw5/GHSA-jmvf-vwrm-vhw5.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jmvf-vwrm-vhw5",
+  "modified": "2026-02-26T00:31:24Z",
+  "published": "2026-02-26T00:31:24Z",
+  "aliases": [
+    "CVE-2026-2694"
+  ],
+  "details": "The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with Contributor-level access and above, to update or trash events, organizers and venues via REST API.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2694"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Event.php#L498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Event.php#L563"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Venue.php#L529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Venue.php#L583"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3468694/the-events-calendar"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67351a37-a457-48d6-b40a-95a7e3a0d746?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T22:16:28Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-jv85-6mgr-3w99/GHSA-jv85-6mgr-3w99.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jv85-6mgr-3w99",
+  "modified": "2026-02-26T00:31:25Z",
+  "published": "2026-02-26T00:31:24Z",
+  "aliases": [
+    "CVE-2026-3209"
+  ],
+  "details": "A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3209"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fosrl/pangolin/pull/2511"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fosrl/pangolin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765676"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T23:16:21Z"
+  }
+}