[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 27 20:15:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
615c22c4 by security tracker role at 2026-06-27T19:14:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-9242 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9233 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49417 (Second, the audio buffer backing a mapping could be freed when the dev ...)
 	TODO: check
 CVE-2026-49416 (The CONS_HISTORY ioctl handler did not adequately validate the request ...)
@@ -17,25 +17,25 @@ CVE-2026-45259 (sigqueue(2) was marked as permitted in capability mode with the
 CVE-2026-45258 (dsp_mmap_single() validated the requested mapping by checking the sum  ...)
 	TODO: check
 CVE-2026-3462 (The Frisbii Pay plugin for WordPress is vulnerable to unauthorized mod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-13295 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12471 (The Spexo theme for WordPress is vulnerable to unauthorized access due ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12432 (The WP Full Stripe Free plugin for WordPress is vulnerable to Missing  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12399 (The Gutenverse \u2013 WordPress Blocks, Page Builder & Site Editor plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11987 (The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution \u2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11783 (The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution \u2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11773 (The Masteriyo LMS \u2013 LMS Course Builder, Quizzes & Certificates pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11597 (The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11364 (The Product Specifications for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska ReadOrder values]
 	- libass 1:0.17.5-1
 	[trixie] - libass <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615c22c4681c9be5a641d4ef85723ada87abc656

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615c22c4681c9be5a641d4ef85723ada87abc656
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/1486e36c/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list