Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88b8a165 by security tracker role at 2026-07-02T19:14:34+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup
by Bac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before
version 1. ...)
TODO: check
CVE-2026-9272 (In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a
vulnera ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-9188 (The Appointment Bookings for Zoom GoogleMeet and more \u2013
Wappointm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9145 (The Database for Contact Form 7, WPforms, Elementor forms
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8699 (A stored Cross-Site Scripting (XSS) vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-8482 (A vulnerability was discovered on StormShield Network Security
4.3.0 t ...)
TODO: check
CVE-2026-8441 (The WP Review Slider Pro plugin for WordPress is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8147 (In MLflow versions prior to 3.14.0, when running with
authentication e ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-8079 (In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-7311 (The TinyPNG \u2013 JPEG, PNG & WebP image compression plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5524 (The Divi Form Builder plugin for WordPress is vulnerable to
Arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-58653 (PraisonAI before 0.1.7 fails to validate that project_id in
issue crea ...)
TODO: check
CVE-2026-58652 (luci-app-travelmate (and the travelmate package) contain a
privilege-e ...)
@@ -31,151 +31,151 @@ CVE-2026-58465 (Eclipse Wakaama before
snapshot/2026-05-26 contains an unbounded
CVE-2026-58455 (Dockwatch through 0.6.567 contains an unauthenticated OS
command injec ...)
TODO: check
CVE-2026-57766 (Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE
\u2013 File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57765 (Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57764 (Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO
Breadcrum ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57763 (Contributor Cross Site Scripting (XSS) in Structured Content
<= 1.7.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57762 (Author Cross Site Scripting (XSS) in Simple URLs <= 151
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57761 (Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <=
3.12.2 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57760 (Missing Authorization vulnerability in Sendcloud Sendcloud
Shipping al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57759 (Unauthenticated Cross Site Request Forgery (CSRF) in
ProfileGrid <= 5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57758 (Unauthenticated Cross Site Request Forgery (CSRF) in Permalink
Manager ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57757 (Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP
Backup ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57756 (Contributor SQL Injection in nicen-localize-image <= 1.4.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57755 (Contributor Cross Site Scripting (XSS) in Mosaic Gallery
– Advan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57754 (Contributor Cross Site Scripting (XSS) in Livemesh Addons for
WPBakery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57753 (Unauthenticated Sensitive Data Exposure in Kit (formerly
ConvertKit) f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57752 (Contributor SQL Injection in iNET Webkit 1.2.4 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57751 (Unauthenticated Cross Site Request Forgery (CSRF) in Heateor
Social Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57750 (Unauthenticated Broken Access Control in ez Form Calculator
Premium <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57749 (Contributor Local File Inclusion in SportsPress Pro <= 2.7.29
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57748 (Contributor Local File Inclusion in Shopify <= 1.0.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57747 (Unauthenticated Cross Site Request Forgery (CSRF) in Booked <=
3.0.0 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57746 (Subscriber Broken Access Control in Booked <= 3.0.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57731 (Contributor Broken Access Control in Flatsome <= 3.20.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57730 (Subscriber Broken Access Control in Flatsome <= 3.20.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57690 (Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt
<= 4.7. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57689 (Subscriber Broken Access Control in Werkstatt <= 4.7.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57688 (Unauthenticated Broken Access Control in POS Entegrat\xf6r <=
3.7.103 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57687 (Contributor SQL Injection in Custom Field Template <= 2.7.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57686 (Unauthenticated Cross Site Scripting (XSS) in WowAddons <=
1.6.14 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57685 (Subscriber Broken Access Control in Martfury - WooCommerce
Marketplace ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57684 (Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57683 (Unauthenticated SQL Injection in WP Fast Total Search <=
1.80.280 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57682 (Unauthenticated Cross Site Scripting (XSS) in Simple Link
Directory <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57681 (Subscriber Server Side Request Forgery (SSRF) in GeoDirectory
<= 2.8.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57680 (Unauthenticated Insecure Direct Object References (IDOR) in
Kirki <= 6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57679 (Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57678 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57677 (Unauthenticated PHP Object Injection in Novalnet Payment
Gateway for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57675 (Unauthenticated Cross Site Scripting (XSS) in WP Photo Album
Plus <= 9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57674 (Unauthenticated Cross Site Scripting (XSS) in Timetics <=
1.0.58 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57673 (Unauthenticated Cross Site Scripting (XSS) in Optimole <=
4.2.7 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57672 (Unauthenticated Cross Site Scripting (XSS) in wpDataTables <=
6.5.1.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57671 (Unauthenticated Cross Site Scripting (XSS) in perfmatters <=
2.6.4 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57670 (Unauthenticated Cross Site Scripting (XSS) in Google Maps CP
<= 1.2.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57669 (Subscriber Broken Access Control in Advanced Contact form 7 DB
<= 2.0. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57625 (Unauthenticated Cross Site Scripting (XSS) in Admin and Site
Enhanceme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57624 (Unauthenticated Remote Code Execution (RCE) in Blocksy
Companion Pro < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57623 (Unauthenticated Arbitrary Code Execution in W3 Total Cache <=
2.9.4 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57621 (Unauthenticated PHP Object Injection in Booktics <= 1.0.21
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57426 (Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <=
2.10.8 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57366 (Unauthenticated Cross Site Scripting (XSS) in WPAdverts <=
2.3.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57362 (Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57361 (Unauthenticated Cross Site Scripting (XSS) in Survey Maker <=
5.2.2.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57360 (Unauthenticated Cross Site Scripting (XSS) in eCommerce
Product Catalo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57359 (Unauthenticated Cross Site Scripting (XSS) in ReviewX <=
2.3.10 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57358 (Unauthenticated Cross Site Scripting (XSS) in Customize My
Account for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57357 (Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO
<= 2.6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57356 (Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce
Wishlist ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57355 (Subscriber Broken Access Control in Classified Listing <=
5.4.2 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57354 (Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57353 (Subscriber Broken Access Control in Link Whisper Premium <=
2.9.0 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57352 (Unauthenticated Broken Authentication in ALD \u2013
Dropshipping and F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57351 (Unauthenticated Cross Site Scripting (XSS) in HandL UTM
Grabber <= 2.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57350 (Unauthenticated Cross Site Scripting (XSS) in WP Debugging <=
2.12.2 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57349 (Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS
Feed Fetch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57348 (Unauthenticated Server Side Request Forgery (SSRF) in Paid
Member Subs ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57347 (Subscriber Sensitive Data Exposure in Hotel Booking Lite <=
6.0.3 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57345 (Unauthenticated Cross Site Scripting (XSS) in Internal Links
Manager < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57344 (Unauthenticated Cross Site Scripting (XSS) in Classified
Listing <= 5. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57343 (Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <=
3.5.9 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57342 (Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive
Images <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56842 (A malicious actor with access to the network and under certain
conditi ...)
TODO: check
CVE-2026-56841 (A malicious actor with access to the network and low
privileges could ...)
TODO: check
CVE-2026-56037 (Deserialization of Untrusted Data vulnerability in Themify
Themify Pop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56004 (A shellcode injection in the mercurial handler of the obs
tar_scm sour ...)
TODO: check
CVE-2026-55952 (The Erlang/OTP ssl application does not validate that the PSK
identity ...)
@@ -241,9 +241,9 @@ CVE-2026-50747 (A malicious actor with access to the
network and low privileges
CVE-2026-50746 (A malicious actor with access to the network could exploit an
Improper ...)
TODO: check
CVE-2026-50282 (Craft CMS is a content management system (CMS). Versions
5.0.0-RC1 and ...)
- TODO: check
+ NOT-FOR-US: Craft CMS or plugin for Craft CMS
CVE-2026-50281 (Craft CMS is a content management system (CMS). Versions 5.7.0
and abo ...)
- TODO: check
+ NOT-FOR-US: Craft CMS or plugin for Craft CMS
CVE-2026-4772 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-4770 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -251,61 +251,61 @@ CVE-2026-4770 (Improper neutralization of input during
web page generation ('cro
CVE-2026-4767 (Missing authentication for critical function vulnerability in
TR7 Cybe ...)
TODO: check
CVE-2026-49779 (Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-44941 (A relative path traversal in the "keyhint" option in
repomd.xml parsin ...)
TODO: check
CVE-2026-44935 (Missing validation of "valuesFrom" references in Helm Deployer
of SUSE ...)
TODO: check
CVE-2026-42382 (Unauthenticated Local File Inclusion in Audrey <= 1.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39448 (Unauthenticated Broken Access Control in NOWPayments for
WooCommerce < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-33592 (An unauthenticated remote attacker can exhaust server memory
via the F ...)
TODO: check
CVE-2026-27436 (Editor Arbitrary Code Execution in Five Star Business Profile
and Sche ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27433 (Unauthenticated Broken Access Control in Motors <= 5.6.80
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27430 (Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27426 (Unauthenticated Cross Site Scripting (XSS) in Automotive Car
Dealershi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27425 (Unauthenticated Cross Site Scripting (XSS) in Automotive
Listings <= 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27419 (Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27414 (Contributor PHP Object Injection in Werkstatt <= 4.8.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27412 (Unauthenticated Local File Inclusion in Pearl - Corporate
Business <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27408 (Unauthenticated Cross Site Scripting (XSS) in NativeChurch <=
4.8.8.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27404 (Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27402 (Unauthenticated Cross Site Scripting (XSS) in Kids Life |
Children Sch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27060 (Contributor PHP Object Injection in ARMember Premium <= 7.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-14449 (u5CMSthroughv12.8.8 is vulnerable to reflected XSS via the
\u2018thank ...)
TODO: check
CVE-2026-14336 (PIA's OIDC issuer allowlist for Jenkins tokens uses a bare
string-pref ...)
TODO: check
CVE-2026-14029 (The Groundhogg \u2014 CRM, Newsletters, and Marketing
Automation plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13743 (CubeSpace CW0057 Reaction Wheel firmware versions prior to
5.0.20 are ...)
TODO: check
CVE-2026-13459 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13369 (The Ninja Forms - File Uploads plugin for WordPress is
vulnerable to A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13252 (The RSS Aggregator by Feedzy \u2013 Feed to Post,
Autoblogging, News & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13251 (The Perfmatters plugin for WordPress is vulnerable to
Directory Traver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12657 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12472 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12168 (An improper validation vulnerability for driver
`GFAC_Sys_x64.sys` in ...)
TODO: check
CVE-2026-12167 (The Minifilter communication port for driver
`GFAC_Sys_x64.sys` in Lit ...)
@@ -313,37 +313,37 @@ CVE-2026-12167 (The Minifilter communication port for
driver `GFAC_Sys_x64.sys`
CVE-2026-12166 (A NULL pointer dereference vulnerability for driver
`GFAC_Sys_x64.sys` ...)
TODO: check
CVE-2026-12134 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11946 (An unauthenticated remote attacker can exhaust server memory
via the G ...)
TODO: check
CVE-2026-11896 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10104 (The Product Video Gallery for Woocommerce plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-69156 (Unauthenticated Cross Site Scripting (XSS) in Kids Zone -
Children Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69155 (Unauthenticated Cross Site Scripting (XSS) in Fitness Zone
WordPress T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69154 (Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty
Salon Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69153 (Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <=
6.7 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69152 (Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding
Photogr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69134 (Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69133 (Subscriber Local File Inclusion in Tourmaster <= 5.4.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69132 (Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69094 (Subscriber SQL Injection in Unicamp <= 2.2.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66076 (Unauthenticated Broken Access Control in Woostify Sites
Library <= 1.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58902 (Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-58352 (Landray OA contains an unauthenticated HQL injection
vulnerability tha ...)
TODO: check
CVE-2024-14037 (Redsea Cloud eHR contains an arbitrary file upload
vulnerability that ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b8a16575d29985bc630956bf1abcef2bee10c5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b8a16575d29985bc630956bf1abcef2bee10c5
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits