[Git][security-tracker-team/security-tracker][master] Process may NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 7 21:38:26 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ed6069e by Salvatore Bonaccorso at 2025-05-07T22:35:49+02:00
Process may NFUs

The WordPress plugin ones cannot really be caught directly by CNA,
although maybe we should bite the bullet or we come up with another
approach for those.

The scope of CNA: Patchstack is wider and can cover "Vulnerabilities in
third-party products discovered by Patchstack and Patchstack Bug Bounty
program unless covered by the scope of another CNA." but it might be
possible to catch those differently.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,315 +1,315 @@
 CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-47692 (Missing Authorization vulnerability in contentstudio ContentStudio all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47691 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47688 (Missing Authorization vulnerability in Saad Iqbal Advanced File Manage ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47684 (Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47683 (Deserialization of Untrusted Data vulnerability in Florent Maillefaud  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47681 (Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Ac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47674 (Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47668 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47667 (Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47665 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47664 (Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47662 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47661 (Cross-Site Request Forgery (CSRF) vulnerability in codemstory \uc6cc\u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47659 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47655 (Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 the ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47653 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47649 (Path Traversal vulnerability in ilmosys Open Close WooCommerce Store a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47648 (Cross-Site Request Forgery (CSRF) vulnerability in axima Pays \u2013 W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47647 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47644 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47643 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47639 (Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category posts al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47635 (Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem We ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47633 (Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin \u2013 Ad ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47629 (Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47628 (Missing Authorization vulnerability in quomodosoft QS Dark Mode allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47624 (Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47622 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47620 (Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins F ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47614 (Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessBut ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47612 (Missing Authorization vulnerability in flowdee ClickWhale allows Explo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47609 (Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47606 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47604 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47602 (Missing Authorization vulnerability in ammarahmad786 Calculate Prices  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47597 (Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47596 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47594 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47591 (Missing Authorization vulnerability in CreedAlly Bulk Featured Image a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47590 (Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47551 (Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed a ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47550 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47549 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47548 (Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47546 (Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47545 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47544 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47543 (Cross-Site Request Forgery (CSRF) vulnerability in themetechmount True ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47542 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple cale ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47540 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47537 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47533 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graph ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47531 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47528 (Missing Authorization vulnerability in pewilliams Ovation Elements all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47526 (Missing Authorization vulnerability in GS Plugins GS Variation Swatche ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47523 (Cross-Site Request Forgery (CSRF) vulnerability in Luk\xe1\u0161 Hartm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47519 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47517 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Acce ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47514 (Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related P ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47510 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47507 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47498 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47497 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47496 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47495 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47494 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47491 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47490 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47489 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47488 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47486 (Missing Authorization vulnerability in CyberChimps Gutenberg & Element ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47485 (Missing Authorization vulnerability in CozyThemes Cozy Blocks allows E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47484 (Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Dis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47483 (Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47482 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47481 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47480 (Missing Authorization vulnerability in Iqonic Design Graphina allows E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47476 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47475 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47473 (Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47472 (Missing Authorization vulnerability in codepeople Music Player for Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47471 (Missing Authorization vulnerability in EnvoThemes Envo Extra allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47470 (Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Cont ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47469 (Missing Authorization vulnerability in slui Media Hygiene allows Explo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47468 (Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash For ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47467 (Missing Authorization vulnerability in GS Plugins GS Testimonial Slide ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47466 (Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47465 (Missing Authorization vulnerability in CreativeThemes Blocksy allows E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47464 (Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47462 (Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challa ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47459 (Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fund ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47457 (Missing Authorization vulnerability in dgamoni LocateAndFilter allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47456 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47455 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47454 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47451 (Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Pr ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47450 (Missing Authorization vulnerability in Mitchell Bennis Simple File Lis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47448 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47446 (Cross-Site Request Forgery (CSRF) vulnerability in listamester Listame ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47440 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47439 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows unauthenticated remot ...)
-	TODO: check
+	NOT-FOR-US: Personal Weather Station Dashboard
 CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command injection via a ...)
 	TODO: check
 CVE-2025-46828 (WeGIA is a web manager for charitable institutions.  An unauthenticate ...)
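Review bot: the added annotations all read "NOT-FOR-US: WordPress plugin", while the untouched entries interleaved with them (CVE-2025-47691, CVE-2025-47688, CVE-2025-47685 and others) read "NOT-FOR-US: WordPress plugin or theme", so one triage class now has two spellings in the same block. The truncated descriptions do not show whether each product is a plugin or a theme, and several point at theme vendors or a product name starting with "Theme" (CVE-2025-47550, CVE-2025-47549, CVE-2025-47465, CVE-2025-47485, CVE-2025-47471). Using the wider "WordPress plugin or theme" wording for these would avoid a wrong label and keep any later matching on the NFU reason consistent. Separately, CVE-2025-47545 shows only the CWE title in its visible description, so it is worth confirming it is a WordPress product before it leaves the TODO state.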



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ed6069e2f8b107c426158117f13b2269bb44c74



More information about the debian-security-tracker-commits mailing list