[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 16 09:12:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a6c889c by security tracker role at 2025-05-16T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,521 @@
+CVE-2025-4759 (Versions of the package lockfile-lint-api before 5.9.2 are vulnerable  ...)
+	TODO: check
+CVE-2025-4757 (A vulnerability was found in PHPGurukul Beauty Parlour Management Syst ...)
+	TODO: check
+CVE-2025-4756 (A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It ...)
+	TODO: check
+CVE-2025-4755 (A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It ...)
+	TODO: check
+CVE-2025-4753 (A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and ...)
+	TODO: check
+CVE-2025-4752 (A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125 ...)
+	TODO: check
+CVE-2025-4751 (A vulnerability, which was classified as problematic, was found in D-L ...)
+	TODO: check
+CVE-2025-4750 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4749 (A vulnerability classified as critical was found in D-Link DI-7003GV2  ...)
+	TODO: check
+CVE-2025-4747 (A vulnerability was found in Bohua NetDragon Firewall 1.0 and classifi ...)
+	TODO: check
+CVE-2025-4746 (A vulnerability has been found in Campcodes Sales and Inventory System ...)
+	TODO: check
+CVE-2025-4745 (A vulnerability, which was classified as problematic, was found in cod ...)
+	TODO: check
+CVE-2025-4744 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4743 (A vulnerability classified as critical was found in code-projects Empl ...)
+	TODO: check
+CVE-2025-4742 (A vulnerability classified as problematic has been found in XU-YIJIE g ...)
+	TODO: check
+CVE-2025-4741 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+	TODO: check
+CVE-2025-4740 (A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been  ...)
+	TODO: check
+CVE-2025-4739 (A vulnerability was found in projectworlds Hospital Database Managemen ...)
+	TODO: check
+CVE-2025-4736 (A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and  ...)
+	TODO: check
+CVE-2025-4735 (A vulnerability has been found in Campcodes Sales and Inventory System ...)
+	TODO: check
+CVE-2025-4734 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2025-4733 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-4732 (A vulnerability classified as critical was found in TOTOLINK A3002R an ...)
+	TODO: check
+CVE-2025-4731 (A vulnerability classified as critical has been found in TOTOLINK A300 ...)
+	TODO: check
+CVE-2025-4730 (A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B202308 ...)
+	TODO: check
+CVE-2025-4729 (A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B202308 ...)
+	TODO: check
+CVE-2025-4728 (A vulnerability was found in SourceCodester Best Online News Portal 1. ...)
+	TODO: check
+CVE-2025-4727 (A vulnerability was found in Meteor up to 3.2.1 and classified as prob ...)
+	TODO: check
+CVE-2025-4726 (A vulnerability has been found in itsourcecode Placement Management Sy ...)
+	TODO: check
+CVE-2025-4725 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2025-4724 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2025-4723 (A vulnerability classified as critical was found in itsourcecode Place ...)
+	TODO: check
+CVE-2025-4722 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-4721 (A vulnerability was found in itsourcecode Placement Management System  ...)
+	TODO: check
+CVE-2025-4720 (A vulnerability was found in SourceCodester Student Result Management  ...)
+	TODO: check
+CVE-2025-4719 (A vulnerability was found in Campcodes Sales and Inventory System 1.0  ...)
+	TODO: check
+CVE-2025-4718 (A vulnerability has been found in Campcodes Sales and Inventory System ...)
+	TODO: check
+CVE-2025-4209
+	REJECTED
+CVE-2025-4169 (The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-48175 (In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer o ...)
+	TODO: check
+CVE-2025-48174 (In libavif before 1.3.0, makeRoom in stream.c has an integer overflow  ...)
+	TODO: check
+CVE-2025-47930 (Zulip is an open-source team chat application. Starting in version 10. ...)
+	TODO: check
+CVE-2025-47929 (DumbDrop, a file upload application that provides an interface for dra ...)
+	TODO: check
+CVE-2025-47928 (Spotipy is a Python library for the Spotify Web API. As of commit 4f57 ...)
+	TODO: check
+CVE-2025-47809 (Wibu CodeMeter before 8.30a sometimes allows privilege escalation imme ...)
+	TODO: check
+CVE-2025-47287 (Tornado is a Python web framework and asynchronous networking library. ...)
+	TODO: check
+CVE-2025-47275 (Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management ...)
+	TODO: check
+CVE-2025-3624 (Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hi ...)
+	TODO: check
+CVE-2025-3516 (The Simple Lightbox WordPress plugin before 2.9.4 does not validate an ...)
+	TODO: check
+CVE-2025-3201 (The Contact Form builder with drag & drop for WordPress  WordPress plu ...)
+	TODO: check
+CVE-2025-2248 (The WP-PManager WordPress plugin through 1.2 does not sanitize and esc ...)
+	TODO: check
+CVE-2025-2247 (The WP-PManager WordPress plugin through 1.2 does not have CSRF check  ...)
+	TODO: check
+CVE-2025-2203 (The FunnelKit  WordPress plugin before 3.10.2 does not sanitize and es ...)
+	TODO: check
+CVE-2025-1531 (Authentication credentials leakage  vulnerability in Hitachi Ops Cente ...)
+	TODO: check
+CVE-2025-1454 (The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and e ...)
+	TODO: check
+CVE-2025-1303 (The Plugin Oficial  WordPress plugin through 1.7.3 does not sanitise a ...)
+	TODO: check
+CVE-2025-1289 (The Plugin Oficial  WordPress plugin through 1.7.3 does not sanitise a ...)
+	TODO: check
+CVE-2025-1288 (The WOOEXIM  WordPress plugin through 5.0.0 does not have CSRF check i ...)
+	TODO: check
+CVE-2025-1286 (The Download HTML TinyMCE Button WordPress plugin through 1.2 does not ...)
+	TODO: check
+CVE-2025-1245 (Bypass Connection Restriction vulnerability in Hitachi Infrastructure  ...)
+	TODO: check
+CVE-2025-1138 (IBM InfoSphere Information Server 11.7 could disclose sensitive inform ...)
+	TODO: check
+CVE-2025-1033 (The Badgearoo WordPress plugin through 1.0.14 does not sanitise and es ...)
+	TODO: check
+CVE-2025-0921 (Execution with Unnecessary Privileges vulnerability in the Pager agent ...)
+	TODO: check
+CVE-2025-0688 (The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress p ...)
+	TODO: check
+CVE-2025-0687 (The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress p ...)
+	TODO: check
+CVE-2025-0329 (The AI ChatBot for WordPress  WordPress plugin before 6.2.4 does not s ...)
+	TODO: check
+CVE-2024-9882 (The Salon Booking System, Appointment Scheduling for Salons, Spas & Sm ...)
+	TODO: check
+CVE-2024-9879 (The Melapress File Monitor WordPress plugin before 2.1.1 does not sani ...)
+	TODO: check
+CVE-2024-9838 (The Auto Affiliate Links WordPress plugin before 6.4.7 does not saniti ...)
+	TODO: check
+CVE-2024-9831 (The Taskbuilder  WordPress plugin before 3.0.9 does not sanitize and e ...)
+	TODO: check
+CVE-2024-9765 (The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logg ...)
+	TODO: check
+CVE-2024-9711 (The EKC Tournament Manager WordPress plugin before 2.2.2 does not have ...)
+	TODO: check
+CVE-2024-9709 (The EKC Tournament Manager WordPress plugin before 2.2.2 does not have ...)
+	TODO: check
+CVE-2024-9663 (The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and es ...)
+	TODO: check
+CVE-2024-9662 (The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and es ...)
+	TODO: check
+CVE-2024-9645 (The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry ...)
+	TODO: check
+CVE-2024-9599 (The Popup Box  WordPress plugin before 4.7.8 does not sanitise and esc ...)
+	TODO: check
+CVE-2024-9450 (The Free Booking Plugin for Hotels, Restaurants and Car Rentals  WordP ...)
+	TODO: check
+CVE-2024-9390 (The RegistrationMagic  WordPress plugin before 6.0.2.1 does not saniti ...)
+	TODO: check
+CVE-2024-9238 (The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uplo ...)
+	TODO: check
+CVE-2024-9236 (The Team  WordPress plugin before 4.4.2 does not sanitise and escape s ...)
+	TODO: check
+CVE-2024-9233 (The Logo Slider  WordPress plugin before 3.7.1 does not have CSRF chec ...)
+	TODO: check
+CVE-2024-9227 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...)
+	TODO: check
+CVE-2024-9182 (The Maspik  WordPress plugin before 2.1.3 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-8854 (The Polls CP WordPress plugin before 1.0.77 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-8851 (The Polls CP WordPress plugin before 1.0.77 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-8759 (The Nested Pages WordPress plugin before 3.2.9 does not sanitise and e ...)
+	TODO: check
+CVE-2024-8703 (The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and e ...)
+	TODO: check
+CVE-2024-8702 (The Backup Database WordPress plugin through 4.9 does not sanitise and ...)
+	TODO: check
+CVE-2024-8701 (The events-calendar WordPress plugin through 1.0.4 does not sanitise a ...)
+	TODO: check
+CVE-2024-8700 (The Event Calendar WordPress plugin through 1.0.4 does not check for a ...)
+	TODO: check
+CVE-2024-8699 (The Z-Downloads WordPress plugin before 1.11.5 does not properly valid ...)
+	TODO: check
+CVE-2024-8673 (The Z-Downloads WordPress plugin before 1.11.7 does not properly valid ...)
+	TODO: check
+CVE-2024-8670 (The Photo Gallery by 10Web  WordPress plugin before 1.8.29 does not sa ...)
+	TODO: check
+CVE-2024-8620 (The MapPress Maps for WordPress plugin before 2.93 does not sanitise a ...)
+	TODO: check
+CVE-2024-8619 (The Ajax Search Lite  WordPress plugin before 4.12.3 does not sanitise ...)
+	TODO: check
+CVE-2024-8618 (The Page Builder: Pagelayer  WordPress plugin before 1.9.0 does not sa ...)
+	TODO: check
+CVE-2024-8617 (The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and e ...)
+	TODO: check
+CVE-2024-8542 (The Everest Forms  WordPress plugin before 3.0.3.1 does not sanitise a ...)
+	TODO: check
+CVE-2024-8493 (The Events Calendar WordPress plugin before 6.6.4 does not sanitise an ...)
+	TODO: check
+CVE-2024-8492 (The Hustle  WordPress plugin through 7.8.5 does not sanitise and escap ...)
+	TODO: check
+CVE-2024-8426 (The Page Builder: Pagelayer  WordPress plugin before 1.8.8 does not sa ...)
+	TODO: check
+CVE-2024-8398 (The Simple Nav Archives WordPress plugin through 2.1.3 does not have C ...)
+	TODO: check
+CVE-2024-8397 (The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does n ...)
+	TODO: check
+CVE-2024-8286 (The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does n ...)
+	TODO: check
+CVE-2024-8284 (The Download Manager WordPress plugin before 3.2.99 does not sanitise  ...)
+	TODO: check
+CVE-2024-8245 (The GamiPress  WordPress plugin before 1.0.1 does not have CSRF check  ...)
+	TODO: check
+CVE-2024-8201 (Cross-Site WebSocket Hijackingvulnerability in Hitachi Ops Center Anal ...)
+	TODO: check
+CVE-2024-8187 (The Smart Post Show  WordPress plugin before 3.0.1 does not sanitise a ...)
+	TODO: check
+CVE-2024-8095 (The BabelZ  WordPress plugin through 1.1.5 does not have CSRF check in ...)
+	TODO: check
+CVE-2024-8094 (The Ntz Antispam WordPress plugin through 2.0e does not have CSRF chec ...)
+	TODO: check
+CVE-2024-8090 (The JavaScript Logic WordPress plugin through 0.1 does not have CSRF c ...)
+	TODO: check
+CVE-2024-8085 (The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check ...)
+	TODO: check
+CVE-2024-8082 (The Widgets Reset WordPress plugin through 0.1 does not have CSRF chec ...)
+	TODO: check
+CVE-2024-8050 (The Custom Author Base WordPress plugin through 1.1.1 does not have CS ...)
+	TODO: check
+CVE-2024-8032 (The Smooth Gallery Replacement WordPress plugin through 1.0 does not h ...)
+	TODO: check
+CVE-2024-8031 (The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does  ...)
+	TODO: check
+CVE-2024-8009 (The Sensei LMS  WordPress plugin before 4.20.0 disclose all users of t ...)
+	TODO: check
+CVE-2024-7984 (The Joy Of Text Lite  WordPress plugin through 2.3.1 does not have CSR ...)
+	TODO: check
+CVE-2024-7769 (The ClickSold IDX WordPress plugin through 1.90 does not sanitise and  ...)
+	TODO: check
+CVE-2024-7762 (The Simple Job Board WordPress plugin before 2.12.6 does not prevent u ...)
+	TODO: check
+CVE-2024-7761 (In the process of testing the Simple Job Board WordPress plugin before ...)
+	TODO: check
+CVE-2024-7759 (The PWA for WP  WordPress plugin before 1.7.72 does not sanitise and e ...)
+	TODO: check
+CVE-2024-7758 (The Stylish Price List  WordPress plugin before 7.1.8 does not sanitis ...)
+	TODO: check
+CVE-2024-7556 (The Simple Share WordPress plugin through 0.5.3 does not sanitise and  ...)
+	TODO: check
+CVE-2024-6809 (The Simple Video Directory WordPress plugin before 1.4.3 does not prop ...)
+	TODO: check
+CVE-2024-6798 (The DL Verification WordPress plugin through 1.2 does not sanitise and ...)
+	TODO: check
+CVE-2024-6797 (The DL Robots.txt WordPress plugin through 1.2 does not sanitise and e ...)
+	TODO: check
+CVE-2024-6719 (The Offload Videos  WordPress plugin before 1.0.1 does not have CSRF c ...)
+	TODO: check
+CVE-2024-6718 (The PVN Auth Popup WordPress plugin through 1.0.0 does not validate an ...)
+	TODO: check
+CVE-2024-6713 (The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise an ...)
+	TODO: check
+CVE-2024-6712 (The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF ch ...)
+	TODO: check
+CVE-2024-6711 (The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 do ...)
+	TODO: check
+CVE-2024-6708 (The User Profile Builder  WordPress plugin before 3.12.2 does not sani ...)
+	TODO: check
+CVE-2024-6693 (The wccp-pro WordPress plugin before 15.3 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-6690 (The wccp-pro WordPress plugin before 15.3 contains an open-redirect fl ...)
+	TODO: check
+CVE-2024-6668 (The ProfilePro WordPress plugin through 1.3 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-6667 (The KBucket: Your Curated Content in WordPress plugin before 4.1.5 doe ...)
+	TODO: check
+CVE-2024-6665 (The KBucket: Your Curated Content in WordPress plugin before 4.1.6 doe ...)
+	TODO: check
+CVE-2024-6584 (The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET  ...)
+	TODO: check
+CVE-2024-6486 (The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7. ...)
+	TODO: check
+CVE-2024-6478 (The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does  ...)
+	TODO: check
+CVE-2024-6462 (The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise a ...)
+	TODO: check
+CVE-2024-6335 (The Tracking Code Manager WordPress plugin before 2.3.0 does not sanit ...)
+	TODO: check
+CVE-2024-6159 (The Push Notification for Post and BuddyPress WordPress plugin before  ...)
+	TODO: check
+CVE-2024-5440 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...)
+	TODO: check
+CVE-2024-5026 (The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitis ...)
+	TODO: check
+CVE-2024-53827 (Ericsson Packet Core Controller (PCC) contains a vulnerability where a ...)
+	TODO: check
+CVE-2024-51475 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML  ...)
+	TODO: check
+CVE-2024-4665 (The EventPrime  WordPress plugin before 3.5.0 does not properly valida ...)
+	TODO: check
+CVE-2024-4091 (The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sa ...)
+	TODO: check
+CVE-2024-4004 (The Advanced Cron Manager  WordPress plugin before 2.5.7 does not sani ...)
+	TODO: check
+CVE-2024-4002 (The Carousel, Slider, Gallery by WP Carousel  WordPress plugin before  ...)
+	TODO: check
+CVE-2024-3996 (The Smart Post Show  WordPress plugin before 2.4.28 does not sanitise  ...)
+	TODO: check
+CVE-2024-3901 (The Genesis Blocks WordPress plugin through 3.1.3 does not properly es ...)
+	TODO: check
+CVE-2024-3062 (The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 doe ...)
+	TODO: check
+CVE-2024-2869 (The Easy Property Listings WordPress plugin before 3.5.4 does not sani ...)
+	TODO: check
+CVE-2024-2643 (The Floating Notification Bar, Sticky Menu on Scroll, Announcement Ban ...)
+	TODO: check
+CVE-2024-1663 (The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 do ...)
+	TODO: check
+CVE-2024-13865 (The S3Player  WordPress plugin through 4.2.1 does not sanitise and esc ...)
+	TODO: check
+CVE-2024-13828 (The Badgearoo WordPress plugin through 1.0.14 does not sanitise and es ...)
+	TODO: check
+CVE-2024-13823 (The 360 Product Rotation WordPress plugin through 1.5.8 does not sanit ...)
+	TODO: check
+CVE-2024-13730 (The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not s ...)
+	TODO: check
+CVE-2024-13729 (The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not  ...)
+	TODO: check
+CVE-2024-13727 (The MemberSpace  WordPress plugin before 2.1.14 does not sanitise and  ...)
+	TODO: check
+CVE-2024-13621 (The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not s ...)
+	TODO: check
+CVE-2024-13619 (The LifterLMS  WordPress plugin before 8.0.1 does not sanitise and esc ...)
+	TODO: check
+CVE-2024-13616 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7. ...)
+	TODO: check
+CVE-2024-13486 (The Icegram Engage  WordPress plugin before 3.1.32 does not sanitise a ...)
+	TODO: check
+CVE-2024-13482 (The Icegram Engage  WordPress plugin before 3.1.32 does not sanitise a ...)
+	TODO: check
+CVE-2024-13384 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
+	TODO: check
+CVE-2024-13383 (The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-13382 (The Calculated Fields Form WordPress plugin before 5.2.64 does not san ...)
+	TODO: check
+CVE-2024-13357 (The Ditty  WordPress plugin before 3.1.52 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-13313 (The AWeber  WordPress plugin through 7.3.20 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-13128 (The LearnPress  WordPress plugin before 4.2.7.5.1 does not sanitise an ...)
+	TODO: check
+CVE-2024-13127 (The LearnPress  WordPress plugin before 4.2.7.5.1 does not sanitise an ...)
+	TODO: check
+CVE-2024-13053 (The Form Maker by 10Web  WordPress plugin before 1.15.33 does not sani ...)
+	TODO: check
+CVE-2024-12874 (The Top Comments WordPress plugin through 1.0 does not sanitise and es ...)
+	TODO: check
+CVE-2024-12873 (The Custom Field Manager WordPress plugin through 1.0 does not sanitis ...)
+	TODO: check
+CVE-2024-12812 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2024-12808 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2024-12800 (The IP Based Login WordPress plugin before 2.4.1 does not sanitise val ...)
+	TODO: check
+CVE-2024-12770 (The WP ULike  WordPress plugin before 4.7.6 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-12767 (The buddyboss-platform WordPress plugin before 2.7.60 lacks proper acc ...)
+	TODO: check
+CVE-2024-12750 (The Competition Form WordPress plugin through 2.0 does not have CSRF c ...)
+	TODO: check
+CVE-2024-12743 (The MailPoet  WordPress plugin before 5.5.2 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-12739 (The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise ...)
+	TODO: check
+CVE-2024-12735 (The Advance Post Prefix WordPress plugin through 1.1.1 does not saniti ...)
+	TODO: check
+CVE-2024-12734 (The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post P ...)
+	TODO: check
+CVE-2024-12733 (The AffiliateImporterEb WordPress plugin through 1.0.6 does not saniti ...)
+	TODO: check
+CVE-2024-12732 (The AffiliateImporterEb WordPress plugin through 1.0.6 does not saniti ...)
+	TODO: check
+CVE-2024-12726 (The ClipArt WordPress plugin through 0.2 does not sanitise and escape  ...)
+	TODO: check
+CVE-2024-12725 (The Clasify Classified Listing WordPress plugin through 1.0.7 does not ...)
+	TODO: check
+CVE-2024-12724 (The WP DeskLite  WordPress plugin through 1.0.0 does not sanitise and  ...)
+	TODO: check
+CVE-2024-12722 (The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugi ...)
+	TODO: check
+CVE-2024-12716 (The Simple Basic Contact Form WordPress plugin before 20250114 does no ...)
+	TODO: check
+CVE-2024-12680 (The Prisna GWT  WordPress plugin before 1.4.14 does not sanitise and e ...)
+	TODO: check
+CVE-2024-12679 (The Prisna GWT  WordPress plugin before 1.4.14 does not sanitise and e ...)
+	TODO: check
+CVE-2024-12301 (The JSP Store Locator WordPress plugin through 1.0 does not have CSRF  ...)
+	TODO: check
+CVE-2024-12282 (The WordPress\u8fde\u63a5\u5fae\u535a WordPress plugin through 2.5.6 d ...)
+	TODO: check
+CVE-2024-11843 (The Panorama  WordPress plugin through 1.5.1 does not sanitise and esc ...)
+	TODO: check
+CVE-2024-11719 (The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF  ...)
+	TODO: check
+CVE-2024-11718 (The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level ...)
+	TODO: check
+CVE-2024-11502 (The Planning Center Online Giving WordPress plugin through 1.0.0 does  ...)
+	TODO: check
+CVE-2024-11373 (The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF c ...)
+	TODO: check
+CVE-2024-11372 (The Connexion Logs WordPress plugin through 3.0.2 does not sanitize an ...)
+	TODO: check
+CVE-2024-11269 (The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and  ...)
+	TODO: check
+CVE-2024-11267 (The JSP Store Locator WordPress plugin through 1.0 does not sanitize a ...)
+	TODO: check
+CVE-2024-11266 (The Geocache Stat Bar Widget WordPress plugin through 0.911 does not s ...)
+	TODO: check
+CVE-2024-11221 (The Full Screen (Page) Background Image Slideshow WordPress plugin thr ...)
+	TODO: check
+CVE-2024-11190 (The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-11189 (The Social Share And Social Locker  WordPress plugin before 1.4.2 does ...)
+	TODO: check
+CVE-2024-11141 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...)
+	TODO: check
+CVE-2024-11140 (The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin th ...)
+	TODO: check
+CVE-2024-11109 (The WP Google Review Slider WordPress plugin before 15.6 does not sani ...)
+	TODO: check
+CVE-2024-10818 (The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate ...)
+	TODO: check
+CVE-2024-10677 (The BTEV WordPress plugin through 2.0.2 does not have CSRF check in pl ...)
+	TODO: check
+CVE-2024-10639 (The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise a ...)
+	TODO: check
+CVE-2024-10634 (The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSR ...)
+	TODO: check
+CVE-2024-10632 (The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize ...)
+	TODO: check
+CVE-2024-10631 (The Countdown Timer for WordPress Block Editor WordPress plugin throug ...)
+	TODO: check
+CVE-2024-10504 (The Contact Form, Survey, Quiz & Popup Form Builder  WordPress plugin  ...)
+	TODO: check
+CVE-2024-10475 (The Responsive Contact Form Builder & Lead Generation Plugin WordPress ...)
+	TODO: check
+CVE-2024-10362 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...)
+	TODO: check
+CVE-2024-10149 (The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise ...)
+	TODO: check
+CVE-2024-10145 (The Hubbub Lite  WordPress plugin before 1.34.4 does not sanitise and  ...)
+	TODO: check
+CVE-2024-10144 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
+	TODO: check
+CVE-2024-10143 (The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2 ...)
+	TODO: check
+CVE-2024-10107 (The Giveaways and Contests by RafflePress  WordPress plugin before 1.1 ...)
+	TODO: check
+CVE-2024-10098 (The ApplyOnline  WordPress plugin before 2.6.3 does not protect upload ...)
+	TODO: check
+CVE-2024-10076 (The Jetpack  WordPress plugin before 13.8, Jetpack Boost  WordPress pl ...)
+	TODO: check
+CVE-2024-10075 (The Jetpack  WordPress plugin before 13.8 does not ensure that the pos ...)
+	TODO: check
+CVE-2024-10054 (The Happyforms  WordPress plugin before 1.26.3 does not sanitise and e ...)
+	TODO: check
+CVE-2024-10009 (The Melapress File Monitor WordPress plugin before 2.1.0 does not sani ...)
+	TODO: check
+CVE-2024-0970 (This User Activity Tracking and Log WordPress plugin before 4.1.4 retr ...)
+	TODO: check
+CVE-2024-0852 (The coreActivity: Activity Logging for WordPress plugin before 1.8.1 d ...)
+	TODO: check
+CVE-2024-0249 (The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sa ...)
+	TODO: check
+CVE-2023-7297 (The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF che ...)
+	TODO: check
+CVE-2023-7239 (The WP Dashboard Notes WordPress plugin before 1.0.11 does not validat ...)
+	TODO: check
+CVE-2023-7231 (The illi Link Party! WordPress plugin through 1.0 lacks proper access  ...)
+	TODO: check
+CVE-2023-7230 (The illi Link Party! WordPress plugin through 1.0 does not sanitize an ...)
+	TODO: check
+CVE-2023-7229 (The illi Link Party! WordPress plugin through 1.0 does not have CSRF c ...)
+	TODO: check
+CVE-2023-7228 (The illi Link Party! WordPress plugin through 1.0 does not sanitise an ...)
+	TODO: check
+CVE-2023-7197 (The Marketing Twitter Bot WordPress plugin through 1.11 does not have  ...)
+	TODO: check
+CVE-2023-7196 (The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does ...)
+	TODO: check
+CVE-2023-7195 (The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF  ...)
+	TODO: check
+CVE-2023-7174 (The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have  ...)
+	TODO: check
+CVE-2023-7168 (The Better Follow Button for Jetpack WordPress plugin through 8.0 does ...)
+	TODO: check
+CVE-2023-7088 (The Add SVG Support for Media Uploader | inventivo WordPress plugin th ...)
+	TODO: check
+CVE-2023-7086 (The SVG Uploads Support WordPress plugin through 2.1.1 does not saniti ...)
+	TODO: check
+CVE-2023-6786 (The Payment Gateway for Telcell WordPress plugin through 2.0.1 does no ...)
+	TODO: check
+CVE-2023-6783 (The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise  ...)
+	TODO: check
+CVE-2023-6541 (The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded ...)
+	TODO: check
+CVE-2023-6030 (The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_lo ...)
+	TODO: check
+CVE-2023-5934 (The Travelpayouts: All Travel Brands in One Place WordPress plugin bef ...)
+	TODO: check
+CVE-2023-5932 (The Travelpayouts: All Travel Brands in One Place WordPress plugin bef ...)
+	TODO: check
+CVE-2023-5529 (The Advanced Page Visit Counter  WordPress plugin before 8.0.6 does no ...)
+	TODO: check
+CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy D ...)
+	TODO: check
 CVE-2025-4476 [libsoup: Null pointer dereference in libsoup may lead to Denial Of Service]
 	NOTE: Looks like a dupe of CVE-2025-32910
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2366513
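Review bot: Every entry added at the top of data/CVE/list, apart from CVE-2025-4209 (REJECTED), is left at "TODO: check", so nothing in this batch is triaged yet. The libavif entries (CVE-2025-48175, CVE-2025-48174) and the Tornado entry (CVE-2025-47287) name libraries rather than web applications or plugins and are the ones to resolve to a package line first; the many "WordPress plugin" entries look like candidates for the NOT-FOR-US form already used elsewhere in this file. The CVE-2024-12282 description also carries the literal escapes \u8fde\u63a5\u5fae\u535a instead of the decoded plugin name, which suggests the import step is not decoding the upstream text.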
@@ -7032,6 +7550,7 @@ CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed E
 CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ssl. Con ...)
 	NOT-FOR-US: Picklescan
 CVE-2025-46400 (In xfig diagramming tool, a segmentation fault while running fig2dev a ...)
+	{DLA-4147-1}
 	- fig2dev 1:3.2.9a-3 (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362054
 	NOTE: https://sourceforge.net/p/mcj/tickets/187/
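Review bot: The {DLA-4147-1} reference added under CVE-2025-46400 lands on an entry whose only package line is "- fig2dev 1:3.2.9a-3 (unimportant)", so the entry now says both that an LTS advisory was issued and that the issue is unimportant. A short NOTE stating why the advisory includes it would keep the entry from reading as contradictory.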
@@ -7039,16 +7558,19 @@ CVE-2025-46400 (In xfig diagramming tool, a segmentation fault while running fig
 	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-46399 (In xfig diagramming tool, a segmentation fault in fig2dev allows memor ...)
+	{DLA-4147-1}
 	- fig2dev 1:3.2.9a-4 (unimportant)
 	NOTE: https://sourceforge.net/p/mcj/tickets/190/
 	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/2bd6c0b210916d0d3ca81f304535b5af0849aa93/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-46398 (In xfig diagramming tool, a stack-overflow while running fig2dev allow ...)
+	{DLA-4147-1}
 	- fig2dev 1:3.2.9a-4 (unimportant)
 	NOTE: https://sourceforge.net/p/mcj/tickets/191/
 	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-46397 (In xfig diagramming tool, a stack-overflowwhile running fig2dev allows ...)
+	{DLA-4147-1}
 	- fig2dev 1:3.2.9a-4 (unimportant)
 	NOTE: https://sourceforge.net/p/mcj/tickets/192/
 	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/dfa8b661b506a463a669754ed635b0a8eb67580e/
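Review bot: The same {DLA-4147-1} tag is applied to CVE-2025-46399, CVE-2025-46398 and CVE-2025-46397, each of which points at a different upstream "Fixed by" commit. Worth confirming against the advisory that all three fixes were backported, since the entries give only the version 1:3.2.9a-4 and no fixed version for the release the DLA covers.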
@@ -18940,7 +19462,7 @@ CVE-2025-30348 (encodeText in QDom in Qt before 6.8.0 has a complex algorithm in
 CVE-2025-30347 (Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain  ...)
 	NOT-FOR-US: Varnish Enterprise
 CVE-2025-30346 (Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 all ...)
-	{DLA-4101-1}
+	{DSA-5918-1 DLA-4101-1}
 	- varnish 7.7.0-1
 	NOTE: https://varnish-cache.org/security/VSV00015.html
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/8ef69a03b36aeac5f364c01eb20f821860e47f14 (varnish-7.7.0)
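Review bot: On CVE-2025-30346 the cross-reference line now lists DSA-5918-1 ahead of DLA-4101-1, but the only package line remains "- varnish 7.7.0-1". If the fixed versions for the releases covered by the two advisories are not derived from the advisory lists, add them to this entry; otherwise no change is needed.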



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a6c889c085c1e2418b1450594b26e5b1f0b265b
