Skip to content

Commit 833696d

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-f2v8-p56h-3qj9 GHSA-gvcr-mc93-7p8p
1 parent 829a95c commit 833696d

2 files changed

Lines changed: 76 additions & 0 deletions

File tree

advisories/unreviewed/2026/04/GHSA-f2v8-p56h-3qj9/GHSA-f2v8-p56h-3qj9.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f2v8-p56h-3qj9",
4+
"modified": "2026-04-04T03:31:13Z",
5+
"published": "2026-04-04T03:31:13Z",
6+
"aliases": [
7+
"CVE-2026-3571"
8+
],
9+
"details": "The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3571"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-862"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-04-04T02:15:59Z"
39+
}
40+
}

advisories/unreviewed/2026/04/GHSA-gvcr-mc93-7p8p/GHSA-gvcr-mc93-7p8p.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gvcr-mc93-7p8p",
4+
"modified": "2026-04-04T03:31:13Z",
5+
"published": "2026-04-04T03:31:13Z",
6+
"aliases": [
7+
"CVE-2026-35616"
8+
],
9+
"details": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35616"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-284"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-04-04T01:16:39Z"
35+
}
36+
}

0 commit comments

Comments
 (0)