[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 17 08:14:36 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6384c463 by security tracker role at 2026-01-17T08:13:49+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...)
 	TODO: check
 CVE-2026-23744 (MCPJam inspector is the local-first development platform for MCP serve ...)
@@ -15,25 +15,25 @@ CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool
 CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool provid ...)
 	TODO: check
 CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an authorized at ...)
 	TODO: check
 CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0808 (The Spin Wheel plugin for WordPress is vulnerable to client-side prize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0691 (The CM E-Mail Blacklist \u2013 Simple email filtering for safer regist ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0682 (The Church Admin plugin for WordPress is vulnerable to Server-Side Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0519 (In Secure Access 12.70 and prior to 14.20, the logging  subsystem may  ...)
-	TODO: check
+	NOT-FOR-US: Absolute Software
 CVE-2026-0518 (CVE-2026-0518 is a cross-site scripting vulnerability in versions of   ...)
-	TODO: check
+	NOT-FOR-US: Absolute Software
 CVE-2026-0517 (CVE-2026-0517 is a denial-of-service vulnerability in versions of Secu ...)
-	TODO: check
+	NOT-FOR-US: Absolute Software
 CVE-2025-5489
 	REJECTED
 CVE-2025-5102
@@ -45,33 +45,33 @@ CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by th
 CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6. Affected by thi ...)
 	TODO: check
 CVE-2025-15403 (The RegistrationMagic plugin for WordPress is vulnerable to Privilege  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14632 (The Filr \u2013 Secure document library plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14478 (The Demo Importer Plus plugin for WordPress is vulnerable to XML Exter ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14463 (The Payment Button for PayPal plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14450 (The Wallet System for WooCommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14075 (The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14029 (The Community Events plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13725 (The Gutenberg Thim Blocks \u2013 Page Builder, Gutenberg Blocks for th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12984 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12825 (The User Registration Using Contact Form 7 plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12718 (The Quick Contact Form plugin for WordPress is vulnerable to Open Mail ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12168 (The Phrase TMS Integration for WordPress plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12129 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12002 (The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8506
 	REJECTED
 CVE-2024-8491



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6384c4634ec4e3b97f3619a44b818bb5471cdca4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6384c4634ec4e3b97f3619a44b818bb5471cdca4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260117/b847b320/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list