[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 6 08:13:58 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35acd15c by security tracker role at 2026-06-06T07:13:51+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
 CVE-2026-9851 (The Booking Package plugin for WordPress is vulnerable to Privilege Es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9829 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9719 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9594 (The WP Maps \u2013 Google Maps,OpenStreetMap,Mapbox,Store Locator,List ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9290 (The WP User Manager \u2013 User Profile Builder & Membership plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9281 (The Master Addons For Elementor \u2013 Widgets, Extensions, Theme Buil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9280 (The Ad Inserter \u2013 Ad Manager & AdSense Ads plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9197 (The Smart Slider 3 plugin for WordPress is vulnerable to Directory Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9016 (The Debug Log Manager \u2013 Conveniently Monitor and Inspect Errors p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9008 (The Page-list plugin for WordPress is vulnerable to Missing Authorizat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8991 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8978 (The OptinCraft \u2013 Drag & Drop Optins & Popup Builder for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8976 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8901 (The Integration for Freshsales \u2013 Contact Form 7, WPForms, Element ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8900 (The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8893 (The Express Payment For Stripe plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8839 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8611 (The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8608 (The Event Monster \u2013 Event Management, Events Calendar, Tickets pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8502 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8438 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7796 (The EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube Videos,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7795 (The Click to Chat \u2013 WA Widget plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7792 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Form ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7665 (The Essential Addons for Elementor \u2013 Popular Elementor Templates  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7654 (The Admin Columns plugin for WordPress is vulnerable to PHP Object Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7624 (The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7566 (The LearnPress \u2013 Backup & Migration Tool plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7565 (The LearnPress \u2013 Backup & Migration Tool plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7537 (The MDJM Event Management plugin for WordPress is vulnerable to Arbitr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7523 (The Alba Board plugin for WordPress is vulnerable to authorization byp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7047 (The Frontend User Notes plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6448 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6242 (An authenticated format string vulnerability exists in the ONVIF Subsc ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-6241 (An authenticated format string vulnerability is present in the ONVIF A ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-6240 (A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 i ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-6239 (A stack\u2011based buffer overflow vulnerability exists in Tapo C520WS ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-46493 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. V ...)
 	TODO: check
 CVE-2026-46401 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. V ...)
@@ -99,21 +99,21 @@ CVE-2026-45409 (Internationalized Domain Names in Applications (IDNA) for Python
 CVE-2026-45300 (The AsyncHttpClient (AHC) library allows Java applications to easily e ...)
 	TODO: check
 CVE-2026-36785 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-34123 (On Tapo C520WS v2, restricted accounts (for example, hub users) are in ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-2500 (The Quick Playground plugin for WordPress is vulnerable to Path Traver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-25624 (An administrative cross-site scripting (XSS) vulnerability exists in t ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-25623 (An input validation command execution vulnerability exists in the brow ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-25622 (A Captive Portal Custom Handler command injection vulnerability exists ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-25621 (A Reports application infrastructure vulnerability exists in Arista Ed ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-25620 (An encrypted password command injection vulnerability exists in the Ca ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2026-11431 (A path traversal vulnerability exists in the Projects Service download ...)
 	TODO: check
 CVE-2026-11429 (A path traversal vulnerability exists in the Git Service component sha ...)
@@ -133,13 +133,13 @@ CVE-2026-11416 (MoviePilot contains a path traversal vulnerability in the AliPan
 CVE-2026-11414 (A hard-coded cryptographic key is used by Altium Enterprise Server to  ...)
 	TODO: check
 CVE-2026-11401 (An untrusted search path issue in the GlobalDatabasePlugin in the AWS  ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-11400 (An untrusted search path issue in the GlobalDatabasePlugin in the AWS  ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-10038 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12656 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9270 (DataDog::DogStatsd versions through 0.07 for Perl allow metric injecti ...)
 	NOT-FOR-US: DataDog::DogStatsd Perl module
 CVE-2026-9088 (A flaw was found in org.keycloak.services. An administrator with deleg ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35acd15c0976d04a9506de539eb31da18180687b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35acd15c0976d04a9506de539eb31da18180687b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260606/fc889c13/attachment.htm>

More information about the debian-security-tracker-commits mailing list