[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 16 08:14:14 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e5c4e6d by security tracker role at 2026-06-16T07:14:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2026-9691 (Unauthenticated PHP Object Injection in Integration for ActiveCampaign ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-9262 (Use of a non-secure protocol as the default FTP configuration in Canon ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9261 (Use of weak SSH cryptographic algorithms in Canon EOS Network Setting ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9260 (Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9259 (Improper validation of server certificates in Canon EOS Network Settin ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9258 (Improper validation of SSH host keys in Canon EOS Network Setting Tool ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9187 (The Abandoned Contact Form 7 plugin for WordPress is vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8443 (The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7273 (A stack-based buffer overflow vulnerability in the CGI program of Zyxe ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-6964 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6933 (The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5149 (The RTMKit plugin for WordPress is vulnerable to Incorrect Authorizati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5064 (Potential security vulnerabilities have been identified in the HP One ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-54444
REJECTED
CVE-2026-54296
@@ -43,23 +43,23 @@ CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities were found in GStrea
CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's librfb ( ...)
TODO: check
CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52700 (Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52699 (Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52697 (Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52695 (Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52694 (Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52693 (Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate download e ...)
TODO: check
CVE-2026-50891 (Incorrect access control in the /admin/api/config component of Filesta ...)
@@ -117,121 +117,121 @@ CVE-2026-49953 (Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTC
CVE-2026-49952 (Discuz! X5.0 releases 20260320 through 20260501 contains an authentica ...)
TODO: check
CVE-2026-49781 (Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49780 (Customer Privilege Escalation in Dokan <= 5.0.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49776 (Unauthenticated SQL Injection in GPTranslate \u2013 Multilingual AI Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49775 (Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49773 (Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49770 (Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49769 (Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49768 (Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49766 (Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49765 (Unauthenticated PHP Object Injection in Integration for Mailchimp and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49764 (Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49763 (Unauthenticated PHP Object Injection in Integration for Contact Form 7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49112 (Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49110 (Unauthenticated Broken Authentication in Upsell Order Bump Offer for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49109 (Unauthenticated PHP Object Injection in Integration for Salesforce and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49106 (Unauthenticated PHP Object Injection in Integration for Contact Form 7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49105 (Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49104 (Unauthenticated PHP Object Injection in Integration for Keap/infusions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49085 (Unauthenticated PHP Object Injection in WP Insightly for Contact Form ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49083 (Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49082 (Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Cha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49078 (Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49070 (Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49068 (Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49067 (Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49066 (Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49065 (Unauthenticated Broken Access Control in Hippoo Mobile App for WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49063 (Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49061 (Unauthenticated Arbitrary File Download in WPC Product Options for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49056 (Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49055 (Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49043 (Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48970 (Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48966 (Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by Funnel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48965 (Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48964 (Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48889 (Subscriber Privilege Escalation in Amelia <= 2.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48887 (Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48886 (Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48885 (Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48883 (Unauthenticated Broken Access Control in WPC Product Bundles for WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48882 (Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48881 (Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48880 (Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48878 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48876 (Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48874 (Subscriber SQL Injection in GamiPress <= 7.8.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48873 (Unauthenticated Broken Access Control in Montonio for WooCommerce <= 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48872 (Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48871 (Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48870 (Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48868 (Unauthenticated Insecure Direct Object References (IDOR) in Simple Sho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48854 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
TODO: check
CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources Without ...)
TODO: check
CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48835 (Unauthenticated Broken Access Control in Contact Form by WPForms <= 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48723 (The browserstack-cypress-cli is BrowserStack's CLI which allows users ...)
TODO: check
CVE-2026-48714 (i18next-http-middleware is a middleware to be used with Node.js web fr ...)
@@ -255,17 +255,17 @@ CVE-2026-48114 (Metacat is data repository software that helps researchers prese
CVE-2026-48017 (DbGate is cross-platform database manager. In versions 7.1.8 and prior ...)
TODO: check
CVE-2026-47835 (In Spring AI Vector Stores, special characters could be used to force ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-47825 (Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-47261 (Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36 ...)
TODO: check
CVE-2026-45441 (Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45439 (Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45437 (Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45390 (In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in ...)
TODO: check
CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server implementation does insufficient ...)
@@ -273,225 +273,225 @@ CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server implementation does insuff
CVE-2026-45388 (In OCaml-TLS before 2.1.0, the client implementation does insufficient ...)
TODO: check
CVE-2026-42775 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42752 (Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42743 (Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42688 (Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42687 (Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42686 (Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42668 (Unauthenticated Broken Authentication in Email Marketing for WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42667 (Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42666 (Unauthenticated Broken Access Control in Salon booking system <= 10.30 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42665 (Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42664 (Unauthenticated Broken Access Control in AI Product Search for WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42663 (Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42662 (Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42661 (Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42660 (Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42659 (Subscriber Broken Access Control in Advanced Form Integration <= 1.126 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42658 (Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42657 (Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42656 (Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42655 (Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42651 (Subscriber Broken Access Control in Classified Listing <= 5.3.9 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42650 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42649 (Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42640 (Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42639 (Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42411 (Unauthenticated Broken Authentication in CloudSecure WP Security <= 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42386 (Unauthenticated SQL Injection in Order Delivery Date for WooCommerce < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42384 (Unauthenticated Sensitive Data Exposure in Simply Schedule Appointment ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42381 (Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42378 (Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-41708 (In Spring Cloud Sleuth, it is possible for a user to provide specially ...)
TODO: check
CVE-2026-41556 (Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40799 (Unauthenticated Broken Authentication in Simple Cloudflare Turnstile < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40798 (Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40796 (Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40795 (Subscriber Broken Access Control in Amelia <= 2.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40794 (Subscriber Broken Access Control in myCred <= 3.0.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40793 (Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40792 (Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40791 (Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40790 (Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40789 (Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40788 (Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40787 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40785 (Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40782 (Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40781 (Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40779 (Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40776 (Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40775 (Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40774 (Unauthenticated Broken Access Control in Booking Package <= 1.7.06 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40773 (Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40772 (Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40771 (Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40770 (Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40769 (Unauthenticated Arbitrary File Deletion in Contact Form Extender for D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40767 (Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40766 (Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40762 (Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40743 (Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40741 (Unauthenticated Broken Access Control in Redsys for WooCommerce Light ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40732 (Unauthenticated Cross Site Scripting (XSS) in Notification for Telegra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40727 (Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39594 (Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39591 (Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39587 (Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39584 (Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39583 (Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39579 (Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39540 (Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocomme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39534 (Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39533 (Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39532 (Contributor PHP Object Injection in Events Calendar for GeoDirectory < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39530 (Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39527 (Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39525 (Unauthenticated Broken Access Control in Booking Activities <= 1.16.48 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39524 (Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39519 (Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39518 (Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39515 (Subscriber Broken Access Control in Motors < 1.4.107 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39514 (Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscription ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39513 (Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39512 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39511 (Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39507 (Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39503 (Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39502 (Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39499 (Shop manager PHP Object Injection in Advanced Product Fields (Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39498 (Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39493 (Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39492 (Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39491 (Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39489 (Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39481 (Author PHP Object Injection in Modula Image Gallery <= 2.14.18 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39480 (Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39478 (Contributor PHP Object Injection in Anti-Malware Security and Brute-Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39474 (Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39472 (Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39471 (Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39470 (Shop manager Privilege Escalation in WooCommerce Cart Abandonment Reco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39468 (Contributor Arbitrary File Deletion in Meta Box \u2013 WordPress Custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39465 (Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39463 (Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39451 (Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39450 (Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39449 (Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39447 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39441 (Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39435 (Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39434 (Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39197 (An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector ...)
TODO: check
CVE-2026-39196 (Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection ...)
@@ -507,17 +507,17 @@ CVE-2026-38812 (RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/cr
CVE-2026-38329 (Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) vi ...)
TODO: check
CVE-2026-38065 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38064 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38063 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38062 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38061 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38060 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interfa ...)
TODO: check
CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physical ...)
@@ -531,71 +531,71 @@ CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerabi
CVE-2026-36213 (An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local att ...)
TODO: check
CVE-2026-34902 (Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Tabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34901 (Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34900 (Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34898 (Unauthenticated Broken Access Control in Event Tickets Manager for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34892 (Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34891 (Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34886 (Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-30121 (remotion-dev remotion v4.0.409 was discovered to contain an arbitrary ...)
TODO: check
CVE-2026-30120 (remotion-dev remotion v4.0.409 was discovered to contain a remote code ...)
TODO: check
CVE-2026-27407 (Editor Privilege Escalation in AI Engine <= 3.4.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27333 (Unauthenticated Deserialization of untrusted data in Paid Videochat Tu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27089 (Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27053 (Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25440 (Unauthenticated Broken Access Control in Essential Addons for Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25425 (Unauthenticated Broken Access Control in User Registration <= 5.1.2 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24637 (Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-23970 (Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-12162 (Improper host validation in the social login autofill feature in Devo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-12161 (Improper input validation in the SSH Elevate Shell feature in Devolut ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-11931 (Incorrect default permissions in Kiro IDE on macOS and Linux before ve ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-10780 (The Static Block plugin for WordPress is vulnerable to Insecure Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the pag ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/ ...)
TODO: check
CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68872 (Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68851 (Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68840 (Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68713 (An issue was discovered in Rakuten Send Anywhere (File Transfer) for A ...)
TODO: check
CVE-2025-68049 (Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60175 (Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59133 (Custom role Insecure Direct Object References (IDOR) in Projectopia <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-56814 (A code injection vulnerability in the wxExecute() function of OpenCPN ...)
TODO: check
CVE-2025-10262 (Nokia SR Linux is vulnerable to local privilege escalation vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2026-XXXX [NTLM client: Avoid use-of-unitialized-value inside libntlm]
- gsasl 2.2.4-1
NOTE: https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e5c4e6d467fe8a80b506fee81af5306c65ca846
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e5c4e6d467fe8a80b506fee81af5306c65ca846
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/d9b88a17/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list