[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 13 21:20:08 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ec9cf3b by Salvatore Bonaccorso at 2022-06-13T22:18:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2411,7 +2411,7 @@ CVE-2022-1970
 	RESERVED
 	NOT-FOR-US: Keycloak
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -3488,7 +3488,7 @@ CVE-2022-1919
 	- firefox 101.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919
 CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: ToolBar to Share plugin for WordPress
 CVE-2022-1917
 	RESERVED
 CVE-2022-1916
@@ -3559,7 +3559,7 @@ CVE-2022-1902
 CVE-2022-1901
 	RESERVED
 CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: Copify plugin for WordPress
 CVE-2021-46815 (Configuration defects in the secure OS module. Successful exploitation ...)
 	TODO: check
 CVE-2021-46814 (The video framework has an out-of-bounds memory read/write vulnerabili ...)
@@ -4957,13 +4957,13 @@ CVE-2022-1824
 CVE-2022-1823
 	RESERVED
 CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: Zephyr Project Manager plugin for WordPress
 CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	[experimental] - gitlab 14.9.5+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: Keep Backup Daily plugin for WordPress
 CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
 	NOT-FOR-US: Student Information System
 CVE-2022-1818
@@ -4975,7 +4975,7 @@ CVE-2022-1816 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30549
 	RESERVED
 CVE-2022-29524
@@ -5126,7 +5126,7 @@ CVE-2022-31216
 CVE-2022-1801
 	RESERVED
 CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1799
 	RESERVED
 CVE-2022-1798
@@ -5654,21 +5654,21 @@ CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV
 CVE-2022-1794
 	RESERVED
 CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1791 (The One Click Plugin Updater WordPress plugin through 2.4.14 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1790 (The New User Email Set Up WordPress plugin through 0.5.2 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call  ...)
 	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
 CVE-2022-1788 (Due to missing checks the Change Uploaded File Permissions WordPress p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1787 (The Sideblog WordPress plugin through 6.0 does not have CSRF check in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_uring s ...)
 	{DSA-5161-1}
 	- linux 5.14.6-1
@@ -5691,15 +5691,15 @@ CVE-2022-1783 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
 	NOT-FOR-US: erudika/para
 CVE-2022-1781 (The postTabs WordPress plugin through 2.10.6 does not have CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1778
 	RESERVED
 CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1776
 	RESERVED
 CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
@@ -5724,9 +5724,9 @@ CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk p
 CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1773 (The WP Athletics WordPress plugin through 1.1.7 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1772 (The Google Places Reviews WordPress plugin before 2.0.0 does not prope ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
@@ -5746,31 +5746,31 @@ CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
 	NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1768 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
-	TODO: check
+	NOT-FOR-US: RSVPMaker plugin for WordPress
 CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1766
 	RESERVED
 CVE-2022-1765 (The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1763 (Due to missing checks the Static Page eXtended WordPress plugin throug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1762 (The iQ Block Country WordPress plugin through 1.2.13 does not properly ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1761 (The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1760
 	RESERVED
 CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not have CS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1757
 	RESERVED
 CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1755
 	RESERVED
 CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable  ...)
@@ -5838,9 +5838,9 @@ CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
 CVE-2022-1751
 	RESERVED
 CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: Sticky Popup plugin for WordPress
 CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1748
 	RESERVED
 CVE-2022-1747
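Review bot: The two tags in this hunk follow different conventions. CVE-2022-1750 gets the product name (`NOT-FOR-US: Sticky Popup plugin for WordPress`), while CVE-2022-1749 directly below it gets the generic `NOT-FOR-US: WordPress plugin`, although its description names the plugin as well (WPMK Ajax Finder). Picking one form, preferably the named one, keeps the list searchable by product when a later CVE against the same plugin needs triage.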
@@ -6039,7 +6039,7 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
 	NOTE: https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c (v8.2.4959)
 	NOTE: Negligible security impact; crash in CLI tool
 CVE-2022-1724 (The Simple Membership WordPress plugin before 4.1.1 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...)
@@ -6522,13 +6522,13 @@ CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1710 (The Appointment Hour Booking WordPress plugin before 1.3.56 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1708 (A vulnerability was found in CRI-O that causes memory or disk space ex ...)
 	- cri-o <itp> (bug #979702)
 CVE-2022-1707 (The Google Tag Manager for WordPress plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Google Tag Manager for WordPress plugin for WordPress
 CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are acces ...)
 	- ignition <unfixed>
 	NOTE: https://github.com/coreos/ignition/issues/1300
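Review bot: The tag for CVE-2022-1707 reads `NOT-FOR-US: Google Tag Manager for WordPress plugin for WordPress`, which repeats "for WordPress" because the wording was carried over from the CVE description. `NOT-FOR-US: Google Tag Manager for WordPress plugin` says the same thing; alternatively use the generic `WordPress plugin` form that CVE-2022-1710 gets earlier in this hunk.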
@@ -6781,7 +6781,7 @@ CVE-2022-1696
 CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1694 (The Useful Banner Manager WordPress plugin through 1.6.1 does not perf ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1693
 	RESERVED
 CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does  ...)
@@ -7203,7 +7203,7 @@ CVE-2022-1626
 CVE-2022-1625
 	RESERVED
 CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...)
 	NOT-FOR-US: D-Link
 CVE-2022-30520
@@ -7728,7 +7728,7 @@ CVE-2022-1614
 CVE-2022-1613
 	RESERVED
 CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1610
@@ -7736,15 +7736,15 @@ CVE-2022-1610
 CVE-2022-1609
 	RESERVED
 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1607
 	RESERVED
 CVE-2022-1606
 	RESERVED
 CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1603
 	RESERVED
 CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
@@ -7780,9 +7780,9 @@ CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion
 CVE-2022-1596
 	RESERVED
 CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1593
 	RESERVED
 CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
@@ -8302,7 +8302,7 @@ CVE-2022-1551
 CVE-2022-1550
 	REJECTED
 CVE-2022-1549 (The WP Athletics WordPress plugin through 1.1.7 does not sanitize para ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
 	NOT-FOR-US: Mattermost Playbooks plugin
 CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...)
@@ -8832,7 +8832,7 @@ CVE-2022-1533 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
 	NOTE: https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3
 	NOTE: https://github.com/bfabiszewski/libmobi/commit/eafc415bc6067e72577f70d6dd5acbf057ce6e6f (v0.11)
 CVE-2022-1532 (Themify WordPress plugin before 1.3.8 does not sanitise and escape the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in ...)
 	NOT-FOR-US: RTX
 CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehel ...)
@@ -10096,7 +10096,7 @@ CVE-2022-1414
 CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting  ...)
 	TODO: check
 CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2022-1410
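Review bot: CVE-2022-1413, two lines above the changed entry, still carries `TODO: check`, and unlike its neighbours it cannot be closed as NFU: its description is a GitLab CE/EE issue, and gitlab is tracked as a source package in this file (see the `- gitlab <unfixed>` line under CVE-2022-1821). It needs a package entry in a follow-up rather than staying among the bulk NFU candidates.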
@@ -11110,9 +11110,9 @@ CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 d
 CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and earlier allo ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1336 (The Carousel CK WordPress plugin through 1.1.0 does not sanitize and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1335 (The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not validate, s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
@@ -13313,7 +13313,7 @@ CVE-2022-28342
 CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open redirec ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...)
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
@@ -13363,7 +13363,7 @@ CVE-2022-1204
 CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have authori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1202 (The WP-CRM WordPress plugin through 1.2.1 does not validate and saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repositor ...)
 	- mruby <unfixed>
 	[bullseye] - mruby <no-dsa> (Minor issue)
@@ -13825,7 +13825,7 @@ CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an u
 CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through  ...)
 	NOT-FOR-US: CipherMail Webmail Messenger
 CVE-2022-28217 (Some part of SAP NetWeaver (EP Web Page Composer) does not sufficientl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...)
 	NOT-FOR-US: SAP
 CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787,  ...)
@@ -18311,7 +18311,7 @@ CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sani
 CVE-2022-0886
 	REJECTED
 CVE-2022-0885 (The Member Hero WordPress plugin through 1.0.9 lacks authorization che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security  ...)
@@ -18956,7 +18956,7 @@ CVE-2022-21224
 CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
 	NOT-FOR-US: McAfee
 CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orche ...)
@@ -19241,7 +19241,7 @@ CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior t
 CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the uniqid ph ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
@@ -19850,7 +19850,7 @@ CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress p
 CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0786 (The KiviCare WordPress plugin before 2.3.9 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
@@ -20619,7 +20619,7 @@ CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not vali
 CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to  ...)
 	- dolibarr <removed>
 CVE-2022-0745 (The Like Button Rating WordPress plugin before 2.6.45 allows any logge ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0744
 	RESERVED
 CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
@@ -22307,7 +22307,7 @@ CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and
 CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0626 (The Advanced Admin Search WordPress plugin through 1.1.2 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0624
@@ -29589,7 +29589,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket
 CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0209 (The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: Mitsol Social Post Feed plugin for WordPress
 CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0207
@@ -91709,7 +91709,7 @@ CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full in
 CVE-2021-25117
 	RESERVED
 CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not have auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec9cf3b179467886b7959fe7301c9273e9ba5f9


More information about the debian-security-tracker-commits mailing list