Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
88b8a165 by security tracker role at 2026-07-02T19:14:34+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup 
by Bac ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before 
version 1. ...)
        TODO: check
 CVE-2026-9272 (In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-9188 (The Appointment Bookings for Zoom GoogleMeet and more \u2013 
Wappointm ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9145 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8699 (A stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-8482 (A vulnerability was discovered on StormShield Network Security 
4.3.0 t ...)
        TODO: check
 CVE-2026-8441 (The WP Review Slider Pro plugin for WordPress is vulnerable to 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8147 (In MLflow versions prior to 3.14.0, when running with 
authentication e ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2026-8079 (In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-7311 (The TinyPNG \u2013 JPEG, PNG & WebP image compression plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5524 (The Divi Form Builder plugin for WordPress is vulnerable to 
Arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-58653 (PraisonAI before 0.1.7 fails to validate that project_id in 
issue crea ...)
        TODO: check
 CVE-2026-58652 (luci-app-travelmate (and the travelmate package) contain a 
privilege-e ...)
@@ -31,151 +31,151 @@ CVE-2026-58465 (Eclipse Wakaama before 
snapshot/2026-05-26 contains an unbounded
 CVE-2026-58455 (Dockwatch through 0.6.567 contains an unauthenticated OS 
command injec ...)
        TODO: check
 CVE-2026-57766 (Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE 
\u2013 File ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57765 (Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57764 (Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO 
Breadcrum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57763 (Contributor Cross Site Scripting (XSS) in Structured Content 
<= 1.7.0  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57762 (Author Cross Site Scripting (XSS) in Simple URLs <= 151 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57761 (Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 
3.12.2 v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57760 (Missing Authorization vulnerability in Sendcloud Sendcloud 
Shipping al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57759 (Unauthenticated Cross Site Request Forgery (CSRF) in 
ProfileGrid  <= 5 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57758 (Unauthenticated Cross Site Request Forgery (CSRF) in Permalink 
Manager ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57757 (Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP 
Backup  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57756 (Contributor SQL Injection in nicen-localize-image <= 1.4.9 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57755 (Contributor Cross Site Scripting (XSS) in Mosaic Gallery 
&#8211; Advan ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57754 (Contributor Cross Site Scripting (XSS) in Livemesh Addons for 
WPBakery ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57753 (Unauthenticated Sensitive Data Exposure in Kit (formerly 
ConvertKit) f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57752 (Contributor SQL Injection in iNET Webkit 1.2.4 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57751 (Unauthenticated Cross Site Request Forgery (CSRF) in Heateor 
Social Lo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57750 (Unauthenticated Broken Access Control in ez Form Calculator 
Premium <= ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57749 (Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 
versions ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57748 (Contributor Local File Inclusion in Shopify <= 1.0.0 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57747 (Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 
3.0.0 v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57746 (Subscriber Broken Access Control in Booked <= 3.0.0 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57731 (Contributor Broken Access Control in Flatsome <= 3.20.5 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57730 (Subscriber Broken Access Control in Flatsome <= 3.20.5 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57690 (Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt 
<= 4.7. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57689 (Subscriber Broken Access Control in Werkstatt <= 4.7.2 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57688 (Unauthenticated Broken Access Control in POS Entegrat\xf6r <= 
3.7.103  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57687 (Contributor SQL Injection in Custom Field Template <= 2.7.8 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57686 (Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 
1.6.14 vers ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57685 (Subscriber Broken Access Control in Martfury - WooCommerce 
Marketplace ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57684 (Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57683 (Unauthenticated SQL Injection in WP Fast Total Search <= 
1.80.280 vers ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57682 (Unauthenticated Cross Site Scripting (XSS) in Simple Link 
Directory <= ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57681 (Subscriber Server Side Request Forgery (SSRF) in GeoDirectory 
<= 2.8.1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57680 (Unauthenticated Insecure Direct Object References (IDOR) in 
Kirki <= 6 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57679 (Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57678 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57677 (Unauthenticated PHP Object Injection in Novalnet Payment 
Gateway for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57675 (Unauthenticated Cross Site Scripting (XSS) in WP Photo Album 
Plus <= 9 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57674 (Unauthenticated Cross Site Scripting (XSS) in Timetics <= 
1.0.58 versi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57673 (Unauthenticated Cross Site Scripting (XSS) in Optimole <= 
4.2.7 versio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57672 (Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 
6.5.1.1  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57671 (Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 
2.6.4 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57670 (Unauthenticated Cross Site Scripting (XSS) in Google Maps CP 
<= 1.2.5  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57669 (Subscriber Broken Access Control in Advanced Contact form 7 DB 
<= 2.0. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57625 (Unauthenticated Cross Site Scripting (XSS) in Admin and Site 
Enhanceme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57624 (Unauthenticated Remote Code Execution (RCE) in Blocksy 
Companion Pro < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57623 (Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 
2.9.4 ve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57621 (Unauthenticated PHP Object Injection in Booktics <= 1.0.21 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57426 (Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 
2.10.8 v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57366 (Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 
2.3.1 versi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57362 (Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 
version ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57361 (Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 
5.2.2.5  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57360 (Unauthenticated Cross Site Scripting (XSS) in eCommerce 
Product Catalo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57359 (Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 
2.3.10 versio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57358 (Unauthenticated Cross Site Scripting (XSS) in Customize My 
Account for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57357 (Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO 
<= 2.6. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57356 (Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce 
Wishlist  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57355 (Subscriber Broken Access Control in Classified Listing <= 
5.4.2 versio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57354 (Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 
version ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57353 (Subscriber Broken Access Control in Link Whisper Premium <= 
2.9.0 vers ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57352 (Unauthenticated Broken Authentication in ALD \u2013 
Dropshipping and F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57351 (Unauthenticated Cross Site Scripting (XSS) in HandL UTM 
Grabber <= 2.9 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57350 (Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 
2.12.2 v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57349 (Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS 
Feed Fetch ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57348 (Unauthenticated Server Side Request Forgery (SSRF) in Paid 
Member Subs ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57347 (Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 
6.0.3 vers ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57345 (Unauthenticated Cross Site Scripting (XSS) in Internal Links 
Manager < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57344 (Unauthenticated Cross Site Scripting (XSS) in Classified 
Listing <= 5. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57343 (Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 
3.5.9 v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57342 (Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive 
Images <= ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56842 (A malicious actor with access to the network and under certain 
conditi ...)
        TODO: check
 CVE-2026-56841 (A malicious actor with access to the network and low 
privileges could  ...)
        TODO: check
 CVE-2026-56037 (Deserialization of Untrusted Data vulnerability in Themify 
Themify Pop ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56004 (A shellcode injection in the mercurial handler of the obs 
tar_scm sour ...)
        TODO: check
 CVE-2026-55952 (The Erlang/OTP ssl application does not validate that the PSK 
identity ...)
@@ -241,9 +241,9 @@ CVE-2026-50747 (A malicious actor with access to the 
network and low privileges
 CVE-2026-50746 (A malicious actor with access to the network could exploit an 
Improper ...)
        TODO: check
 CVE-2026-50282 (Craft CMS is a content management system (CMS). Versions 
5.0.0-RC1 and ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS or plugin for Craft CMS
 CVE-2026-50281 (Craft CMS is a content management system (CMS). Versions 5.7.0 
and abo ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS or plugin for Craft CMS
 CVE-2026-4772 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-4770 (Improper neutralization of input during web page generation 
('cross-si ...)
@@ -251,61 +251,61 @@ CVE-2026-4770 (Improper neutralization of input during 
web page generation ('cro
 CVE-2026-4767 (Missing authentication for critical function vulnerability in 
TR7 Cybe ...)
        TODO: check
 CVE-2026-49779 (Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 
version ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-44941 (A relative path traversal in the "keyhint" option in 
repomd.xml parsin ...)
        TODO: check
 CVE-2026-44935 (Missing validation of "valuesFrom" references in Helm Deployer 
of SUSE ...)
        TODO: check
 CVE-2026-42382 (Unauthenticated Local File Inclusion in Audrey <= 1.5 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39448 (Unauthenticated Broken Access Control in NOWPayments for 
WooCommerce < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-33592 (An unauthenticated remote attacker can exhaust server memory 
via the F ...)
        TODO: check
 CVE-2026-27436 (Editor Arbitrary Code Execution in Five Star Business Profile 
and Sche ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27433 (Unauthenticated Broken Access Control in Motors <= 5.6.80 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27430 (Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 
version ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27426 (Unauthenticated Cross Site Scripting (XSS) in Automotive Car 
Dealershi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27425 (Unauthenticated Cross Site Scripting (XSS) in Automotive 
Listings <= 1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27419 (Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27414 (Contributor PHP Object Injection in Werkstatt <= 4.8.3 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27412 (Unauthenticated Local File Inclusion in Pearl - Corporate 
Business <=  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27408 (Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 
4.8.8.2  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27404 (Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27402 (Unauthenticated Cross Site Scripting (XSS) in Kids Life | 
Children Sch ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27060 (Contributor PHP Object Injection in ARMember Premium <= 7.0 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-14449 (u5CMSthroughv12.8.8 is vulnerable to reflected XSS via the 
\u2018thank ...)
        TODO: check
 CVE-2026-14336 (PIA's OIDC issuer allowlist for Jenkins tokens uses a bare 
string-pref ...)
        TODO: check
 CVE-2026-14029 (The Groundhogg \u2014 CRM, Newsletters, and Marketing 
Automation plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13743 (CubeSpace CW0057 Reaction Wheel firmware versions prior to 
5.0.20 are  ...)
        TODO: check
 CVE-2026-13459 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13369 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13252 (The RSS Aggregator by Feedzy \u2013 Feed to Post, 
Autoblogging, News & ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13251 (The Perfmatters plugin for WordPress is vulnerable to 
Directory Traver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12657 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12472 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12168 (An improper validation vulnerability for driver 
`GFAC_Sys_x64.sys` in  ...)
        TODO: check
 CVE-2026-12167 (The Minifilter communication port for driver 
`GFAC_Sys_x64.sys` in Lit ...)
@@ -313,37 +313,37 @@ CVE-2026-12167 (The Minifilter communication port for 
driver `GFAC_Sys_x64.sys`
 CVE-2026-12166 (A NULL pointer dereference vulnerability for driver 
`GFAC_Sys_x64.sys` ...)
        TODO: check
 CVE-2026-12134 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11946 (An unauthenticated remote attacker can exhaust server memory 
via the G ...)
        TODO: check
 CVE-2026-11896 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10104 (The Product Video Gallery for Woocommerce plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-69156 (Unauthenticated Cross Site Scripting (XSS) in Kids Zone - 
Children Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69155 (Unauthenticated Cross Site Scripting (XSS) in Fitness Zone 
WordPress T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69154 (Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty 
Salon Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69153 (Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 
6.7 ver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69152 (Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding 
Photogr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69134 (Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69133 (Subscriber Local File Inclusion in Tourmaster <= 5.4.5 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69132 (Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69094 (Subscriber SQL Injection in Unicamp <= 2.2.2 versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66076 (Unauthenticated Broken Access Control in Woostify Sites 
Library <= 1.6 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58902 (Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 
versions.)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2024-58352 (Landray OA contains an unauthenticated HQL injection 
vulnerability tha ...)
        TODO: check
 CVE-2024-14037 (Redsea Cloud eHR contains an arbitrary file upload 
vulnerability that  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b8a16575d29985bc630956bf1abcef2bee10c5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b8a16575d29985bc630956bf1abcef2bee10c5
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to