[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Mar 20 08:14:25 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abe25931 by Salvatore Bonaccorso at 2025-03-20T09:14:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-30259 (The WhatsApp cloud service before late 2024 did not block certai
 CVE-2025-30092 (Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in  ...)
 	TODO: check
 CVE-2025-2505 (The Age Gate plugin for WordPress is vulnerable to Local PHP File Incl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2108 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27787 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
 	TODO: check
 CVE-2025-27786 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
@@ -39,29 +39,29 @@ CVE-2025-26816 (A vulnerability in Intrexx Portal Server 12.0.2 and earlier whic
 CVE-2025-22228 (BCryptPasswordEncoder.matches(CharSequence,String)will incorrectly ret ...)
 	TODO: check
 CVE-2025-1770 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1766 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1628
 	REJECTED
 CVE-2025-1385 (When the library bridge feature is enabled, the clickhouse-library-bri ...)
 	TODO: check
 CVE-2025-1314 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-55009 (A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibl ...)
 	TODO: check
 CVE-2024-13881 (The Link My Posts WordPress plugin through 1.0 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13880 (The My Quota WordPress plugin through 1.0.8 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13878 (The SpotBot WordPress plugin through 0.1.8 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13877 (The Passbeemedia Web Push Notification WordPress plugin through 1.0.0  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13876 (The mEintopf WordPress plugin through 0.2.1 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe25931cdb79a79eb20f81ab194afebd83959b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe25931cdb79a79eb20f81ab194afebd83959b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/71703e6d/attachment.htm>
