Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1f9b311 by security tracker role at 2025-07-02T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2025-6687 (The Magic Buttons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-6686 (The Magic Buttons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-6464 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
+ TODO: check
+CVE-2025-6463 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
+ TODO: check
+CVE-2025-6459 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-6437 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-6017 (A flaw was found in Red Hat Advanced Cluster Management through
versio ...)
+ TODO: check
+CVE-2025-5817 (The Amazon Products to WooCommerce plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-5746 (The Drag and Drop Multiple File Upload (Pro) - WooCommerce
plugin for ...)
+ TODO: check
+CVE-2025-5692 (The Lead Form Data Collection to CRM plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-5339 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-5014 (The Home Villas | Real Estate WordPress Theme theme for
WordPress is v ...)
+ TODO: check
+CVE-2025-52925 (In One Identity OneLogin Active Directory Connector before
6.1.5, encr ...)
+ TODO: check
+CVE-2025-52463 (Cross-site request forgery vulnerability exists in Active!
mail 6 Buil ...)
+ TODO: check
+CVE-2025-52462 (Cross-site scripting vulnerability exists in Active! mail 6
BuildInfo: ...)
+ TODO: check
+CVE-2025-52101 (linjiashop <=0.9 is vulnerable to Incorrect Access Control.
When using ...)
+ TODO: check
+CVE-2025-4689 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-4654 (The Soumettre.fr plugin for WordPress is vulnerable to
unauthorized ac ...)
+ TODO: check
+CVE-2025-4381 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-4380 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising
Manager plugi ...)
+ TODO: check
+CVE-2025-49741 (No cwe for this issue in Microsoft Edge (Chromium-based)
allows an una ...)
+ TODO: check
+CVE-2025-3848 (The Download Manager and Payment Form WordPress Plugin \u2013
WP Smart ...)
+ TODO: check
+CVE-2025-36630 (In Tenable Nessus versions prior to 10.8.5 on a Windows host,
it was f ...)
+ TODO: check
+CVE-2025-24328 (Sending a crafted SOAP "set" operation message within the
Mobile Netwo ...)
+ TODO: check
+CVE-2024-13786 (The education theme for WordPress is vulnerable to PHP Object
Injectio ...)
+ TODO: check
+CVE-2024-13451 (The Contact Form by Bit Form: Multi Step Form, Calculation
Contact For ...)
+ TODO: check
+CVE-2024-11405 (The WP Front-end login and register plugin for WordPress is
vulnerable ...)
+ TODO: check
CVE-2025-6963 (A vulnerability has been found in Campcodes Employee Management
System ...)
NOT-FOR-US: Campcodes
CVE-2025-6962 (A vulnerability, which was classified as critical, was found in
Campco ...)
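Review bot: CVE-2025-49741 in this block should not be swept into a bulk NOT-FOR-US pass with the WordPress entries around it. Its summary names "Microsoft Edge (Chromium-based)", and chromium is a tracked package in this same file (see the CVE-2025-6554 entry), so the full description needs reading before the `TODO: check` is resolved. The WordPress plugin and theme entries can follow the existing `NOT-FOR-US: WordPress plugin` convention used further down the list. Separately, the summaries for CVE-2025-6464, CVE-2025-6463 and CVE-2025-3848 carry a literal `\u2013` where a dash is expected, which looks like an undecoded Unicode escape from the import; decoding it before writing the list would keep the summaries readable and greppable.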
@@ -298,6 +352,7 @@ CVE-2024-12915 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2023-47310 (A misconfiguration in the default settings of MikroTik
RouterOS 7 and ...)
NOT-FOR-US: MikroTik
CVE-2025-6554 (Type confusion in V8 in Google Chrome prior to 138.0.7204.96
allowed a ...)
+ {DSA-5955-1}
- chromium 138.0.7204.92-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-32463 (Sudo before 1.9.17p1 allows local users to obtain root access
because ...)
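Review bot: The `{DSA-5955-1}` reference is attached to CVE-2025-6554 while the summary says "prior to 138.0.7204.96" and the fixed version recorded for the package is `chromium 138.0.7204.92-1`. Please confirm that the 138.0.7204.92-1 upload actually contains the V8 type confusion fix, so the DSA reference and the fixed version agree. The bullseye line stays `<end-of-life>`, so the advisory should not be read as covering that suite.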
@@ -617,7 +672,7 @@ CVE-2025-6762 (A vulnerability classified as critical has
been found in diyhi bb
NOT-FOR-US: diyhi bbs
CVE-2025-6761 (A vulnerability was found in Kingdee Cloud-Starry-Sky
Enterprise Editi ...)
NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
-CVE-2025-6705 (On open-vsx.org https://open-vsx.org/ it was possible to run
an arbit ...)
+CVE-2025-6705 (A vulnerability in the Eclipse Open VSX Registry\u2019s
automated publ ...)
NOT-FOR-US: https://open-vsx.org/
CVE-2025-6522 (Unauthenticated users on an adjacent network with the Sight
Bulb Pro c ...)
NOT-FOR-US: Sight Bulb Pro
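Review bot: The replacement summary for CVE-2025-6705 contains a literal `\u2019` ("Registry\u2019s"), the same undecoded escape seen in the first hunk, so the new text is harder to read than the line it replaces. While this entry is being touched, the unchanged `NOT-FOR-US: https://open-vsx.org/` tag could name the product instead of a URL, as the neighbouring entries do ("diyhi bbs", "Sight Bulb Pro"); the new summary supplies the name, Eclipse Open VSX Registry.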
@@ -334127,7 +334182,7 @@ CVE-2021-36877 (Cross-Site Request Forgery (CSRF)
vulnerability in WordPress uLi
NOT-FOR-US: WordPress plugin
CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
WordPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS)
vulnerability in Wo ...)
+CVE-2021-36875 (Cross-site Scripting (XSS) vulnerability in Stylemix Directory
Listing ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
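Review bot: The new summary for CVE-2021-36875 drops the "Authenticated Reflected" qualifiers that the old line carried, so the precondition and XSS type are no longer visible in the truncated text. The `NOT-FOR-US: WordPress plugin` triage is unaffected, so no action is needed beyond noting that the truncated summary alone no longer shows those details.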
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f9b31158950142f0aac11f8b414b74dbf0ff52
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits