[Git][security-tracker-team/security-tracker][master] update wordpress metadata
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 9 22:55:41 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
87a57d57 by Moritz Mühlenhoff at 2025-12-09T23:55:05+01:00
update wordpress metadata
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25512,6 +25512,7 @@ CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation ('Cr
{DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
CVE-2025-58473 (An improper resource shutdown or release vulnerability has been identi ...)
NOT-FOR-US: Click Plus devices
CVE-2025-58354 (Kata Containers is an open source project focusing on a standard imple ...)
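Review bot: the NOTE added under CVE-2025-58674 is a bare link to the 6.1.9 version page, placed in an entry whose only visible fixed version is 6.8.3+dfsg1-1, so the entry does not explain why a 6.1.x page is relevant. Consider stating in the NOTE what the link is for (for example, which branch or suite it documents). The identical addition under CVE-2025-58246 in the next hunk has the same gap.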
@@ -25524,6 +25525,7 @@ CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability
{DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in firmware v ...)
NOT-FOR-US: Click Plus PLC
CVE-2025-57882 (An improper resource shutdown or release vulnerability has been identi ...)
@@ -47610,9 +47612,9 @@ CVE-2025-7344 (The EAI developed by Digiwin has a Privilege Escalation vulnerabi
CVE-2025-7343 (The SFT developed by Digiwin has a SQL Injection vulnerability, allowi ...)
NOT-FOR-US: Digiwin
CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of ...)
- - wordpress <unfixed> (bug #1109678)
- [bullseye] - wordpress <postponed> (Minor issue, minor infoleak, no upstream response, workarounds exist)
+ - wordpress <unfixed> (unimportant; bug #1109678)
NOTE: https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/
+ NOTE: Negligible security impact
CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A th ...)
NOT-FOR-US: Westermo WeOS
CVE-2025-53771 (Improper authentication in Microsoft Office SharePoint allows an unaut ...)
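Review bot: in the CVE-2025-54352 entry, the removed [bullseye] line carried the actual rationale ("minor infoleak, no upstream response, workarounds exist"), and its replacement, "NOTE: Negligible security impact", records less than what was deleted. Consider carrying the infoleak and workaround reasoning into the new NOTE so the basis for the unimportant tag stays in the file. This hunk is also a severity reclassification rather than a metadata update, which the commit subject does not mention.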
@@ -162463,6 +162465,7 @@ CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via t
{DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-7/
NOTE: https://core.trac.wordpress.org/changeset/58473
NOTE: https://core.trac.wordpress.org/changeset/58472
CVE-2024-6306
@@ -162572,6 +162575,7 @@ CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation (XSS
{DLA-4358-1}
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-7/
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7 ...)
- check-mk <removed>
CVE-2024-28831 (Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3 ...)
@@ -187598,6 +187602,7 @@ CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via u
[bullseye] - wordpress <not-affected> (The vulnerable code was introduced later)
NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-6/
NOTE: https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
NOTE: https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...)
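Review bot: under CVE-2024-4439 the added 6.1.6 version page sits above a changeset NOTE that is explicitly for branches/6.4, and the only suite line visible in the hunk marks bullseye as not-affected, so nothing visible ties the 6.1.x link to a suite or to a branch fix. If the link is there to document the fix on the 6.1 branch, consider saying so in the NOTE or adding the matching 6.1 branch changeset beside it.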
@@ -191023,6 +191028,7 @@ CVE-2023-6522 (Incorrect Use of Privileged APIs vulnerability in ExtremePacs Ext
NOT-FOR-US: ExtremePacs Extreme XDS
CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure in vers ...)
- wordpress 6.5+dfsg1-1
+ [bookworm] - wordpress <ignored> (Minor issue)
[bullseye] - wordpress <ignored> (Minor issue)
NOTE: https://core.trac.wordpress.org/changeset/57645
CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ...)
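Review bot: the new [bookworm] line for CVE-2023-5692 copies the bare reason "Minor issue" from the bullseye line, which does not record why the exposure is acceptable to leave unfixed in bookworm. Consider a more specific reason in the parentheses, as the removed postponed line for CVE-2025-54352 did. This is also a triage decision for a suite, so it would be worth naming in the commit message alongside the metadata changes.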
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87a57d57084c59183e533a18ba8465a3da354ac9