[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 14 08:12:05 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65bd226 by security tracker role at 2025-03-14T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2025-30022 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
+	TODO: check
+CVE-2025-2289 (The Zegen - Church WordPress Theme theme for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-2221 (The WPCOM Member plugin for WordPress is vulnerable to time-based SQL  ...)
+	TODO: check
+CVE-2025-2166 (The CM FAQ  \u2013 Simplify support with an intuitive FAQ management t ...)
+	TODO: check
+CVE-2025-2103 (The SoundRise Music plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2025-2056 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for  ...)
+	TODO: check
+CVE-2025-26163 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
+	TODO: check
+CVE-2025-24855 (numbers.c in libxslt before 1.1.43 has a use-after-free because, in ne ...)
+	TODO: check
+CVE-2025-1764 (The LoginPress | wp-login Custom Login Page Customizer plugin for Word ...)
+	TODO: check
+CVE-2025-1528 (The Search & Filter Pro plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2025-1526 (The DethemeKit for Elementor plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-1285 (The Resido - Real Estate WordPress Theme theme for WordPress is vulner ...)
+	TODO: check
+CVE-2025-1266
+	REJECTED
+CVE-2025-0955 (The VidoRev Extensions plugin for WordPress is vulnerable to unauthori ...)
+	TODO: check
+CVE-2025-0952 (The Eco Nature - Environment & Ecology WordPress Theme theme for WordP ...)
+	TODO: check
+CVE-2024-55549 (xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free i ...)
+	TODO: check
+CVE-2024-55060 (A cross-site scripting (XSS) vulnerability in the component index.php  ...)
+	TODO: check
+CVE-2024-13913 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...)
+	TODO: check
+CVE-2024-13824 (The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is v ...)
+	TODO: check
+CVE-2024-13407 (The Omnipress plugin for WordPress is vulnerable to Information Exposu ...)
+	TODO: check
+CVE-2024-13376 (The Industrial theme for WordPress is vulnerable to unauthorized modif ...)
+	TODO: check
+CVE-2024-13321 (The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection vi ...)
+	TODO: check
+CVE-2024-11286 (The WP JobHunt plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
+CVE-2024-11285 (The WP JobHunt plugin for WordPress is vulnerable to privilege escalat ...)
+	TODO: check
+CVE-2024-11284 (The WP JobHunt plugin for WordPress is vulnerable to privilege escalat ...)
+	TODO: check
+CVE-2024-11283 (The WP JobHunt plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
 CVE-2024-11235
 	- php8.4 8.4.5-1
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
@@ -3939,7 +3991,7 @@ CVE-2024-41335 (Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE20
 	NOT-FOR-US: Draytek
 CVE-2024-41334 (Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prio ...)
 	NOT-FOR-US: Draytek
-CVE-2024-38292 (In XIQ-SE before 24.2.11, due to a missing access control check, a pat ...)
+CVE-2024-38292 (In Extreme Networks XIQ-SE before 24.2.11, due to a missing access con ...)
 	NOT-FOR-US: XIQ-SE
 CVE-2024-38291 (In XIQ-SE before 24.2.11, a low-privileged user may be able to access  ...)
 	NOT-FOR-US: XIQ-SE



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65bd2260b3116103a5b0da68f782e69415393c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65bd2260b3116103a5b0da68f782e69415393c8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250314/b30425a4/attachment.htm>

More information about the debian-security-tracker-commits mailing list