[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 2 09:12:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1f9b311 by security tracker role at 2025-07-02T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2025-6687 (The Magic Buttons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-6686 (The Magic Buttons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-6464 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+ TODO: check
+CVE-2025-6463 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+ TODO: check
+CVE-2025-6459 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-6437 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-6017 (A flaw was found in Red Hat Advanced Cluster Management through versio ...)
+ TODO: check
+CVE-2025-5817 (The Amazon Products to WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-5746 (The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for ...)
+ TODO: check
+CVE-2025-5692 (The Lead Form Data Collection to CRM plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-5339 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-5014 (The Home Villas | Real Estate WordPress Theme theme for WordPress is v ...)
+ TODO: check
+CVE-2025-52925 (In One Identity OneLogin Active Directory Connector before 6.1.5, encr ...)
+ TODO: check
+CVE-2025-52463 (Cross-site request forgery vulnerability exists in Active! mail 6 Buil ...)
+ TODO: check
+CVE-2025-52462 (Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: ...)
+ TODO: check
+CVE-2025-52101 (linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using ...)
+ TODO: check
+CVE-2025-4689 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-4654 (The Soumettre.fr plugin for WordPress is vulnerable to unauthorized ac ...)
+ TODO: check
+CVE-2025-4381 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-4380 (The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugi ...)
+ TODO: check
+CVE-2025-49741 (No cwe for this issue in Microsoft Edge (Chromium-based) allows an una ...)
+ TODO: check
+CVE-2025-3848 (The Download Manager and Payment Form WordPress Plugin \u2013 WP Smart ...)
+ TODO: check
+CVE-2025-36630 (In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was f ...)
+ TODO: check
+CVE-2025-24328 (Sending a crafted SOAP "set" operation message within the Mobile Netwo ...)
+ TODO: check
+CVE-2024-13786 (The education theme for WordPress is vulnerable to PHP Object Injectio ...)
+ TODO: check
+CVE-2024-13451 (The Contact Form by Bit Form: Multi Step Form, Calculation Contact For ...)
+ TODO: check
+CVE-2024-11405 (The WP Front-end login and register plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2025-6963 (A vulnerability has been found in Campcodes Employee Management System ...)
NOT-FOR-US: Campcodes
CVE-2025-6962 (A vulnerability, which was classified as critical, was found in Campco ...)
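Review bot: All 27 entries added at the top of data/CVE/list are left at "TODO: check", and many of them name a WordPress plugin or theme in the visible description (for example CVE-2025-6687, CVE-2025-5014 and CVE-2024-11405), a class the last hunk of this diff shows being resolved as "NOT-FOR-US: WordPress plugin". Closing those out in one pass would make the entries that need individual triage easier to spot, among them CVE-2025-6017, CVE-2025-52925, CVE-2025-49741, CVE-2025-36630 and CVE-2025-24328. The descriptions for CVE-2025-6464, CVE-2025-6463 and CVE-2025-3848 also show a literal "\u2013" where a dash was intended, so the import step appears not to decode that escape.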
@@ -298,6 +352,7 @@ CVE-2024-12915 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2023-47310 (A misconfiguration in the default settings of MikroTik RouterOS 7 and ...)
NOT-FOR-US: MikroTik
CVE-2025-6554 (Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a ...)
+ {DSA-5955-1}
- chromium 138.0.7204.92-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-32463 (Sudo before 1.9.17p1 allows local users to obtain root access because ...)
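Review bot: On CVE-2025-6554 the description says the flaw affects Chrome "prior to 138.0.7204.96", while the fixed version recorded under the newly added "{DSA-5955-1}" tag is "chromium 138.0.7204.92-1", which reads as older than the upstream fix version. If 138.0.7204.92 is the build that carries the fix for this package, a short note under the entry saying so would keep a later reader from treating the line as a tracking error; otherwise the fixed version needs correcting before the DSA reference is relied on.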
@@ -617,7 +672,7 @@ CVE-2025-6762 (A vulnerability classified as critical has been found in diyhi bb
NOT-FOR-US: diyhi bbs
CVE-2025-6761 (A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Editi ...)
NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
-CVE-2025-6705 (On open-vsx.org https://open-vsx.org/ it was possible to run an arbit ...)
+CVE-2025-6705 (A vulnerability in the Eclipse Open VSX Registry\u2019s automated publ ...)
NOT-FOR-US: https://open-vsx.org/
CVE-2025-6522 (Unauthenticated users on an adjacent network with the Sight Bulb Pro c ...)
NOT-FOR-US: Sight Bulb Pro
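Review bot: The "NOT-FOR-US: https://open-vsx.org/" label under CVE-2025-6705 is a URL, while the neighbouring entries label by product name ("diyhi bbs", "Sight Bulb Pro"). The refreshed description now names the product as the Eclipse Open VSX Registry, so the label could be updated to that name in the same change, which keeps the NOT-FOR-US values consistent and searchable by product.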
@@ -334127,7 +334182,7 @@ CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uLi
NOT-FOR-US: WordPress plugin
CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...)
+CVE-2021-36875 (Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listing ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f9b31158950142f0aac11f8b414b74dbf0ff52