[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 6 08:13:43 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bb782b8 by security tracker role at 2025-12-06T08:13:35+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8148 (An Improper Access Control in the SFTP service in Fortra's GoAnywhere  ...)
-	TODO: check
+	NOT-FOR-US: Fortra
 CVE-2025-66629 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
 	TODO: check
 CVE-2025-34291 (Langflow versions up to and including 1.6.9 contain a chained vulnerab ...)
@@ -19,71 +19,71 @@ CVE-2025-14106 (A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.02100
 CVE-2025-14105 (A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47 ...)
 	TODO: check
 CVE-2025-13922 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13907 (The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13899 (The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13898 (The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13896 (The Social Feed Gallery Portfolio plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13894 (The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13863 (The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13857 (The Yet Another WebClap for WordPress plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13856 (The Extra Post Images plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13748 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13666 (The Helloprint plugin for WordPress is vulnerable to Missing Authoriza ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13656 (The Cute News Ticker plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13629 (The WP Landing Page plugin for WordPress is vulnerable to Cross-Site R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13626 (The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13426 (A vulnerability exists in Google  Apigee's JavaCallout policy https:// ...)
 	TODO: check
 CVE-2025-13377 (The 10Web Booster \u2013 Website speed optimization, Cache & Page Spee ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13358 (The Accessiy By CodeConfig Accessibility plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13309 (The Accessiy By CodeConfig Accessibility \u2013 Easy One-Click Accessi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13308 (The Application Passwords plugin for WordPress is vulnerable to Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13292 (A vulnerability in Apigee-X allowed an attacker to gain unauthorized r ...)
 	TODO: check
 CVE-2025-13137 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12721 (The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12720 (The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12717 (The List Attachments Shortcode plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12715 (The Canadian Nutrition Facts Label plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12673 (The Flex QR Code Generator plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12577 (The Listar \u2013 Directory Listing & Classifieds WordPress Plugin plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12574 (The Listar \u2013 Directory Listing & Classifieds WordPress Plugin plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12510 (The Widgets for Google Reviews plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12505 (The weDocs plugin for WordPress is vulnerable to unauthorized access i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12499 (The Rich Shortcodes for Google Reviews plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12091 (The Search, Filters & Merchandising for WooCommerce plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11263 (The Link Whisper Free plugin for WordPress is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on APT-bas ...)
 	- python-apt <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bb782b8120ca276142cf5e84d079b96ac38f6b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bb782b8120ca276142cf5e84d079b96ac38f6b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251206/1a7796aa/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list