[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 7 08:14:09 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c0c7db6 by security tracker role at 2026-03-07T08:13:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-3352 (The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3233
 	REJECTED
 CVE-2026-30842 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
@@ -47,9 +47,9 @@ CVE-2026-30237 (Group-Office is an enterprise customer relationship management a
 CVE-2026-30233 (OliveTin gives access to predefined shell commands from a web interfac ...)
 	TODO: check
 CVE-2026-30231 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-30230 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-30229 (Parse Server is an open source backend that can be deployed to any inf ...)
 	TODO: check
 CVE-2026-30228 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -63,25 +63,25 @@ CVE-2026-30224 (OliveTin gives access to predefined shell commands from a web in
 CVE-2026-30223 (OliveTin gives access to predefined shell commands from a web interfac ...)
 	TODO: check
 CVE-2026-2722 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2721 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2494 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2488 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2433 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2431 (The CM Custom Reports plugin for WordPress is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2429 (The Community Events plugin for WordPress is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2420 (The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2371 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2020 (The JS Archive List plugin for WordPress is vulnerable to PHP Object I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29795 (stellar-xdr is a library and CLI containing types and functionality fo ...)
 	TODO: check
 CVE-2026-29791 (Agentgateway is an open source data plane for agentic AI connectivity  ...)
@@ -107,45 +107,45 @@ CVE-2026-25071 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 an
 CVE-2026-25070 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prio ...)
 	TODO: check
 CVE-2026-1981 (The HUMN-1 AI Website Scanner & Human Certification by Winston AI plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1902 (The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1825 (The Show YouTube video plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1824 (The Infomaniak Connect for OpenID plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1823 (The Consensus Embed plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1820 (The Media Library Alt Text Editor plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1805 (The DA Media GigList plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1650 (The MDJM Event Management plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1644 (The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1574 (The MyQtip \u2013 easy qTip2 plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1569 (The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1087 (The Guardian News Feed plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1086 (The Font Pairing Preview For Landing Pages plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1085 (The True Ranker plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1074 (The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1073 (The Purchase Button For Affiliate Link plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1071 (The Carta Online plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8899 (The Paid Videochat Turnkey Site \u2013 HTML5 PPV Live Webcams plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14675 (The Meta Box plugin for WordPress is vulnerable to arbitrary file dele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14353 (The ZIP Code Based Content Protection plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3653
 	REJECTED
 CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does no ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0c7db6a7b7a3d281012c2460d436a169c93423

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0c7db6a7b7a3d281012c2460d436a169c93423
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260307/e213f652/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list