[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 25 09:13:14 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1166d444 by security tracker role at 2025-10-25T08:13:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,88 @@
-CVE-2025-52099 [SQLite integer overflow]
+CVE-2025-9322 (The Stripe Payment Forms by WP Full Pay \u2013 Accept Credit Card Paym ...)
+	TODO: check
+CVE-2025-8666 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-8588 (The Gutenberg Blocks \u2013 PublishPress Blocks plugin for WordPress i ...)
+	TODO: check
+CVE-2025-8483 (The The Discussion Board \u2013 WordPress Forum Plugin plugin for Word ...)
+	TODO: check
+CVE-2025-8416 (The Product Filter by WBW plugin for WordPress is vulnerable to SQL In ...)
+	TODO: check
+CVE-2025-8413 (The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
+	TODO: check
+CVE-2025-6680 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2025-6639 (The Tutor LMS Pro \u2013 eLearning and online course solution plugin f ...)
+	TODO: check
+CVE-2025-62723 (FlashMQ is a MQTT broker/server, designed for multi-CPU environments.  ...)
+	TODO: check
+CVE-2025-62717 (Emlog is an open source website building system. In version 2.5.23, Em ...)
+	TODO: check
+CVE-2025-62716 (Plane is open-source project management software. Prior to version 1.1 ...)
+	TODO: check
+CVE-2025-62711 (Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to befo ...)
+	TODO: check
+CVE-2025-60954 (Microweber CMS 2.0 has Weak Password Requirements. The application doe ...)
+	TODO: check
+CVE-2025-4203 (The wpForo Forum plugin for WordPress is vulnerable to error\u2010base ...)
+	TODO: check
+CVE-2025-4106 (An authenticated admin user with access to both the management WebUI a ...)
+	TODO: check
+CVE-2025-34503 (Deck Mate 1 executes firmware directly from an external EEPROM without ...)
+	TODO: check
+CVE-2025-34502 (Deck Mate 2 lacks a verified secure-boot chain and runtime integrity v ...)
+	TODO: check
+CVE-2025-34500 (Deck Mate 2's firmware update mechanism accepts packages without crypt ...)
+	TODO: check
+CVE-2025-34293 (GN4 Publishing System versions prior to 2.6 contain an insecure direct ...)
+	TODO: check
+CVE-2025-12194 (Uncontrolled Resource Consumption vulnerability in Legion of the Bounc ...)
+	TODO: check
+CVE-2025-12095 (The Simple Registration for WooCommerce plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-12034 (The Fast Velocity Minify plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-12005 (The WP VR \u2013 360 Panorama and Free Virtual Tour Builder For WordPr ...)
+	TODO: check
+CVE-2025-11976 (The FuseWP \u2013 WordPress User Sync to Email List & Marketing Automa ...)
+	TODO: check
+CVE-2025-11893 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
+	TODO: check
+CVE-2025-11888 (The ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One W ...)
+	TODO: check
+CVE-2025-11879 (The GenerateBlocks plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-11875 (The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-11823 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
+	TODO: check
+CVE-2025-11760 (The eRoom \u2013 Webinar & Meeting Plugin for Zoom, Google Meet, Micro ...)
+	TODO: check
+CVE-2025-11564 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2025-11497 (The Advanced Database Cleaner plugin for WordPress is vulnerable to Cr ...)
+	TODO: check
+CVE-2025-11269 (The Product Filter by WBW plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-11255 (The Password Policy Manager | Password Manager plugin for WordPress is ...)
+	TODO: check
+CVE-2025-11244 (The Password Protected plugin for WordPress is vulnerable to authoriza ...)
+	TODO: check
+CVE-2025-11238 (The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-10737 (The Open Source Genesis Framework theme for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-10694 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...)
+	TODO: check
+CVE-2025-10637 (The Social Feed Gallery plugin for WordPress is vulnerable to Informat ...)
+	TODO: check
+CVE-2025-10580 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...)
+	TODO: check
+CVE-2025-10579 (The BackWPup \u2013 WordPress Backup & Restore Plugin plugin for WordP ...)
+	TODO: check
+CVE-2025-10488 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
+	TODO: check
+CVE-2025-52099 (Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a rem ...)
 	- sqlite3 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2406257
 	TODO: clarify details, unspecific, RedHat only mentions denial of service via the setupLookaside function



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1166d44458314c821331f99449aaea1b3a4166db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1166d44458314c821331f99449aaea1b3a4166db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251025/d949aca7/attachment.htm>

More information about the debian-security-tracker-commits mailing list