[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 5 20:18:12 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95e8315d by Salvatore Bonaccorso at 2025-03-05T21:17:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,27 +33,27 @@ CVE-2025-20206 (A vulnerability in the interprocess communication (IPC) channel
 CVE-2025-1714 (Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to  ...)
 	TODO: check
 CVE-2025-1702 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1515 (The WP Real Estate Manager plugin for WordPress is vulnerable to Authe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1463 (The Spreadsheet Integration plugin for WordPress is vulnerable to Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1435 (The bbPress plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1393 (An unauthenticated remote attacker can use hard-coded credentials to g ...)
 	TODO: check
 CVE-2025-1008 (The Recently Purchased Products For Woo plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0990 (The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0956 (The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0954 (The WP Online Contract plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8682 (The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5667 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-53458 (Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) con ...)
 	TODO: check
 CVE-2024-51144 (Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.p ...)
@@ -63,61 +63,61 @@ CVE-2024-48246 (Vehicle Management System 1.0 contains a Stored Cross-Site Scrip
 CVE-2024-31525 (Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access C ...)
 	TODO: check
 CVE-2024-13866 (The Simple Notification plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13839 (The Staff Directory Plugin: Company Directory plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13827 (The Razorpay Subscription Button Elementor Plugin plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13815 (The The Listingo theme for WordPress is vulnerable to arbitrary shortc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13811 (The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce The ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13810 (The Zass - WooCommerce Theme for Handmade Artists and Artisans theme f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13809 (The Hero Slider - WordPress Slider Plugin plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13787 (The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13780 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13779 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13778 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13777 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13757 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13747 (The WooMail - WooCommerce Email Customizer plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13471 (The DesignThemes Core Features plugin for WordPress is vulnerable to u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13423 (The Sparkling theme for WordPress is vulnerable to unauthorized plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13350 (The SearchIQ \u2013 The Search Solution plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13232 (The WordPress Awesome Import & Export Plugin - Import & Export WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13147 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2024-12815 (The Point Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12799 (Insufficiently Protected Credentials vulnerability in OpenText Identit ...)
 	TODO: check
 CVE-2024-12650 (An attacker with low privileges can manipulate the requested memory si ...)
 	TODO: check
 CVE-2024-12281 (The Homey theme for WordPress is vulnerable to privilege escalation in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12097 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2024-11951 (The Homey Login Register plugin for WordPress is vulnerable to privile ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11731 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11216 (Authorization Bypass Through User-Controlled Key, Exposure of Private  ...)
 	TODO: check
 CVE-2024-11153 (The Content Control \u2013 The Ultimate Content Restriction Plugin! Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible  ...)
 	TODO: check
 CVE-2023-38693 (Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scrip ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95e8315d15aea7a3d9ce9115d165cfa65c738895

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95e8315d15aea7a3d9ce9115d165cfa65c738895
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250305/0ae0329d/attachment.htm>

More information about the debian-security-tracker-commits mailing list