[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 12 08:13:43 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a53dd38f by security tracker role at 2025-12-12T08:13:35+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2025-54407 (Stored cross-site scripting vulnerability exists in GroupSession
 CVE-2025-53523 (Stored cross-site scripting vulnerabilities exist in GroupSession Free ...)
 	TODO: check
 CVE-2025-4970 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-34506 (WBCE CMS version 1.6.3 and prior contains an authenticated remote code ...)
 	TODO: check
 CVE-2025-34504 (KodExplorer 4.52 contains an open redirect vulnerability in the user l ...)
@@ -93,121 +93,121 @@ CVE-2025-14537 (A weakness has been identified in code-projects Class and Exam T
 CVE-2025-14536 (A security flaw has been discovered in code-projects Class and Exam Ti ...)
 	TODO: check
 CVE-2025-14467 (The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14393 (The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14392 (The Simple Theme Changer plugin for WordPress is vulnerable to unautho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14391 (The Simple Theme Changer plugin for WordPress is vulnerable to Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14356 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14354 (The Resource Library for Logged In Users plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14344 (The Multi Uploader for Gravity Forms plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14293 (The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14170 (The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14169 (The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14166 (The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14165 (The Kirim.Email WooCommerce Integration plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14162 (The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14161 (The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14160 (The Upcoming for Calendly plugin for WordPress is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14158 (The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14143 (The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14138 (The WPLG Default Mail From plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14137 (The Simple AL Slider plugin for WordPress is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14132 (The Category Dropdown List plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14129 (The Like DisLike Voting plugin for WordPress is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14125 (The Complag plugin for WordPress is vulnerable to Reflected Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14119 (The App Landing Template Blocks for WPBakery (Visual Composer) Page Bu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14068 (The WPNakama plugin for WordPress is vulnerable to time-based SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14064 (The BuddyTask plugin for WordPress is vulnerable to unauthorized acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14062 (The Animated Pixel Marquee Creator plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14049 (The VikRentItems Flexible Rental Management System plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14048 (The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14045 (The URL Media Uploader plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14044 (The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Objec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14035 (The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14032 (The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13989 (The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13988 (The \u8bc4\u8bba\u5c0f\u79d8\u4e66 plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13987 (The Purchase and Expense Manager plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13975 (The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13972 (The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13971 (The TWW Protein Calculator plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13969 (The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13966 (The Paypal Payment Shortcode plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13963 (The FX Currency Converter plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13962 (The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13961 (The Data Visualizer plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13960 (The GPXpress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13906 (The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13904 (The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13891 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13889 (The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13886 (The LT Unleashed plugin for WordPress is vulnerable to Local File Incl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13885 (The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13884 (The Hide Email Address plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13866 (The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13850 (The LS Google Map Router plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13846 (The Easy Map Creator plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13843 (The VigLink SpotLight By ShortCode plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13840 (The BUKAZU Search widget plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13839 (The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13747 (The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13670 (The High Level Synthesis Compiler i++ command for Windows is vulnerabl ...)
 	TODO: check
 CVE-2025-13669 (Uncontrolled Search Path Element vulnerability in Altera High Level Sy ...)
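Review bot: The CVE-2025-14119 entry is tagged NOT-FOR-US: WordPress plugin, but its summary is cut off at "App Landing Template Blocks for WPBakery (Visual Composer) Page Bu ..." before any mention of WordPress, unlike the other entries changed in this hunk, which all show "plugin for WordPress" (or the start of it) in the visible text. Since this is an automatic update, confirm that the match was made against the full CVE description rather than the truncated summary, and keep the note only if the full text identifies the product as a WordPress plugin.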
@@ -221,53 +221,53 @@ CVE-2025-13664 (A potential security vulnerability in Quartus\xae Prime Standard
 CVE-2025-13663 (Under certain circumstances, the Quartus Prime Pro Installer for Windo ...)
 	TODO: check
 CVE-2025-13660 (The Guest Support plugin for WordPress is vulnerable to User Email Dis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13440 (The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13408 (The Foxtool All-in-One: Contact chat button, Custom login, Media optim ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13366 (The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13363 (The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13334 (The Blaze Demo Importer plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13320 (The WP User Manager plugin for WordPress is vulnerable to Arbitrary Fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13314 (The Product Filtering by Categories, Tags, Price Range for WooCommerce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13053 (When a user configures the NAS to retrieve UPS status or control the U ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2025-13052 (When the user set the Notification's sender to send emails to the SMTP ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2025-12968 (The Infility Global plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12963 (The LazyTasks \u2013 Project & Task Management with Collaboration, Kan ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12883 (The Campay Woocommerce Payment Gateway plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12834 (The Accept Stripe Payments Using Contact Form 7 plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12830 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12824 (The Player Leaderboard plugin for WordPress is vulnerable to Local Fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12783 (The Premmerce Brands for WooCommerce plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12655 (The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12650 (The Simple post listing plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12570 (The Fancy Product Designer plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11876 (The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10684 (The Construction Light WordPress theme before 1.6.8 does not have auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10583 (The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10451 (Unchecked output buffer may allowed arbitrary code execution in SMM an ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability that all ...)
 	TODO: check
 CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that allows una ...)
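Review bot: CVE-2025-10684 is described as "The Construction Light WordPress theme before 1.6.8", yet the new note reads NOT-FOR-US: WordPress plugin. Because it is a theme, the note should read "NOT-FOR-US: WordPress theme" so that searches on the note text stay accurate. Separately, the visible summaries for CVE-2025-13053, CVE-2025-13052 and CVE-2025-10451 do not name Asustor or Insyde, so those vendor attributions cannot be checked from the truncated lines here and are worth confirming against the full CVE records.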



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a53dd38f330d8a850e32823814a2b0c8c32c2301
