[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Sat May 3 09:13:23 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb886278 by security tracker role at 2025-05-03T08:13:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to Sensitive I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. It has ...)
 	TODO: check
 CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It ...)
 	TODO: check
 CVE-2025-4199 (The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4198 (The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4188 (The Advanced Reorder Image Text Slider plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4172 (The VerticalResponse Newsletter Widget plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4170 (The Xavin's Review Ratings plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4168 (The Subpage List plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47229 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a d ...)
 	TODO: check
 CVE-2025-47226 (Grokability Snipe-IT before 8.1.0 has incorrect authorization for acce ...)
@@ -23,11 +23,11 @@ CVE-2025-47226 (Grokability Snipe-IT before 8.1.0 has incorrect authorization fo
 CVE-2025-46723 (OpenVM is a performant and modular zkVM framework built for customizat ...)
 	TODO: check
 CVE-2025-3918 (The Job Listings plugin for WordPress is vulnerable to Privilege Escal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3815 (The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3779 (The Personizely plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-21572 (OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when ...)
 	TODO: check
 CVE-2025-0782 (A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows  ...)
@@ -35,7 +35,7 @@ CVE-2025-0782 (A vulnerability in the S3 bucket configuration for h2oai/h2o-3 al
 CVE-2024-55069 (ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_ ...)
 	TODO: check
 CVE-2024-13738 (The The Motors - Car Dealer, Rental & Listing WordPress theme theme fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4214 (A vulnerability was found in PHPGuruku Online DJ Booking Management Sy ...)
 	NOT-FOR-US: PHPGuruku Online DJ Booking Management System
 CVE-2025-4213 (A vulnerability has been found in PHPGurukul Online Birth Certificate  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb88627846d46dab2a6445dda2716cebda1929be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb88627846d46dab2a6445dda2716cebda1929be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250503/55223e26/attachment.htm>
