diff --git a/advisories/unreviewed/2026/05/GHSA-hmgx-5p26-ccf2/GHSA-hmgx-5p26-ccf2.json b/advisories/unreviewed/2026/05/GHSA-hmgx-5p26-ccf2/GHSA-hmgx-5p26-ccf2.json
index 6a38907b53d04..6ef7411439199 100644
--- a/advisories/unreviewed/2026/05/GHSA-hmgx-5p26-ccf2/GHSA-hmgx-5p26-ccf2.json
+++ b/advisories/unreviewed/2026/05/GHSA-hmgx-5p26-ccf2/GHSA-hmgx-5p26-ccf2.json
@@ -1,14 +1,35 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hmgx-5p26-ccf2",
-  "modified": "2026-05-20T09:30:34Z",
+  "modified": "2026-05-20T09:30:37Z",
   "published": "2026-05-20T09:30:34Z",
   "aliases": [
     "CVE-2026-5776"
   ],
+  "summary": "Stored XSS",
   "details": "The Email Encoder  WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks",
   "severity": [],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "onlineoptimisation/email-encoder-bundle"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 2.4.7"
+      }
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -20,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-80"
+    ],
     "severity": null,
     "github_reviewed": false,
     "github_reviewed_at": null,