[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 21 08:14:59 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06b77d78 by security tracker role at 2026-03-21T08:14:41+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,123 +9,123 @@ CVE-2026-4507 (A vulnerability was determined in Mindinventory MindSQL up to 0.2
 CVE-2026-4506 (A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impact ...)
 	TODO: check
 CVE-2026-4373 (The JetFormBuilder plugin for WordPress is vulnerable to arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4302 (The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4261 (The Expire Users plugin for WordPress is vulnerable to Privilege Escal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4161 (The Review Map by RevuKangaroo plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4143 (The Neos Connector for Fakturama plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4127 (The Speedup Optimization plugin for WordPress is vulnerable to Missing ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4087 (The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4086 (The WP Random Button plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4084 (The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4083 (The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4077 (The Ecover Builder For Dummies plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4072 (The WordPress PayPal Donation plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4069 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4067 (The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4022 (The Show Posts list \u2013 Easy designs, filters and more plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4004 (The Task Manager plugin for WordPress is vulnerable to arbitrary short ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3997 (The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3996 (The WP Games Embed plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3864 (A vulnerability was discovered in the Kubernetes CSI Driver for NFS wh ...)
 	TODO: check
 CVE-2026-3651 (The Build App Online plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3645 (The Punnel \u2013 Landing Page Builder plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3641 (The Appmax plugin for WordPress is vulnerable to Improper Input Valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3619 (The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3617 (The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3584 (The Kali Forms plugin for WordPress is vulnerable to Remote Code Execu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3577 (The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3572 (The iTracker360 plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3570 (The Smarter Analytics plugin for WordPress is vulnerable to unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3567 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3554 (The Sherk Custom Post Type Displays plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3546 (The e-shot form builder plugin for WordPress is vulnerable to Sensitiv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3516 (The Contact List plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3506 (The WP-Chatbot for Messenger plugin for WordPress is vulnerable to aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3478 (The Content Syndication Toolkit plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3474 (The EmailKit \u2013 Email Customizer for WooCommerce & WP plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3460 (The REST API TO MiniProgram plugin for WordPress is vulnerable to Inse ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3368 (The Injection Guard plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3354 (The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3353 (The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3350 (The Image Alt Text Manager plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3347 (The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3339 (The Keep Backup Daily plugin for WordPress is vulnerable to Limited Pa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3335 (The Canto plugin for WordPress is vulnerable to Missing Authorization  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3334 (The CMS Commander plugin for WordPress is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3333 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3332 (The Xhanch - My Advanced Settings plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3331 (The Lobot Slider Administrator plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3003 (The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-33476 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
 	TODO: check
 CVE-2026-33428 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33427 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33426 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33425 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33424 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33423 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33422 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33411 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33291 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to before v ...)
 	TODO: check
 CVE-2026-33238 (WWBN AVideo is an open source video platform. Prior to version 26.0, t ...)
@@ -191,17 +191,17 @@ CVE-2026-33143 (OneUptime is a solution for monitoring and managing online servi
 CVE-2026-33142 (OneUptime is a solution for monitoring and managing online services. P ...)
 	TODO: check
 CVE-2026-32899 (OpenClaw versions prior to 2026.2.25 fail to consistently apply sender ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32897 (OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fal ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32896 (OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler conta ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32895 (OpenClaw versions prior to 2026.2.26 fail to enforce sender authorizat ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32887 (Effect is a TypeScript framework that consists of several packages tha ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-32810 (Halloy is an IRC application written in Rust. In versions on \*nix and ...)
 	TODO: check
 CVE-2026-32733 (Halloy is an IRC application written in Rust. Prior to commit 0f77b2cf ...)
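Review bot: The tag on CVE-2026-32887 does not match its description: the entry reads "Effect is a TypeScript framework that consists of several packages ..." but is marked `NOT-FOR-US: Next.js`. Even if the truncated part of the description mentions Next.js, the product named as affected is Effect, so the tag should name Effect, or the entry should stay at `TODO: check` until someone confirms that Effect is not packaged. A tag naming the wrong product also misleads later searches of data/CVE/list.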
@@ -211,43 +211,43 @@ CVE-2026-32666 (WebCTRL systems that communicate over BACnet inherit the protoco
 CVE-2026-32663 (The WebSocket backend uses charging station identifiers to uniquely as ...)
 	TODO: check
 CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contains an authorization bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32065 (OpenClaw versions prior to 2026.2.25 contain an approval-integrity byp ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32064 (OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launch ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32058 (OpenClaw versions prior to 2026.2.26 contain an approval context-bindi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32057 (OpenClaw versions prior to 2026.2.25 contain an authentication bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32056 (OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup en ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32055 (OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32054 (OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32053 (OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32052 (OpenClaw versions prior to 2026.2.24 contain a command injection vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32051 (OpenClaw versions prior to 2026.3.1 contain an authorization mismatch  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32050 (OpenClaw versions prior to 2026.2.25 contain an access control vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32049 (OpenClaw versions prior to 2026.2.22 fail to consistently enforce conf ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32048 (OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritanc ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32046 (OpenClaw versions prior to 2026.2.21 contain an improper sandbox confi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32045 (OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tails ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32044 (OpenClaw versions prior to 2026.3.2 contain an archive extraction vuln ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32043 (OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-u ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32042 (OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege esc ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31926 (Charging station authentication identifiers are publicly accessible vi ...)
 	TODO: check
 CVE-2026-31904 (The WebSocket Application Programming Interface lacks restrictions on  ...)
@@ -255,49 +255,49 @@ CVE-2026-31904 (The WebSocket Application Programming Interface lacks restrictio
 CVE-2026-31903 (The WebSocket Application Programming Interface lacks restrictions on  ...)
 	TODO: check
 CVE-2026-2941 (The Linksy Search and Replace plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2837 (The Ricerca \u2013 advanced search plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2723 (The Post Snippits plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2720 (The Hr Press Lite plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2598
 	REJECTED
 CVE-2026-2503 (The ElementCamp plugin for WordPress is vulnerable to time-based SQL I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2501 (The Ed's Social Share plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2496 (The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2468 (The Quentn WP plugin for WordPress is vulnerable to SQL Injection via  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2440 (The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2430 (The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2427 (The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2424 (The Reward Video Ad for WordPress plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2378 (ArcSearch for Android versions prior to 1.12.7 could display a differe ...)
 	TODO: check
 CVE-2026-2375 (The App Builder \u2013 Create Native Android & iOS Apps On The Flight  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2352 (The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2351 (The Task Manager plugin for WordPress is vulnerable to Arbitrary File  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2294 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2290 (The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2279 (The myLinksDump plugin for WordPress is vulnerable to SQL Injection vi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2277 (The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2121 (The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29796 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
 	TODO: check
 CVE-2026-28204 (Charging station authentication identifiers are publicly accessible vi ...)
@@ -313,77 +313,77 @@ CVE-2026-24060 (Service information is not encrypted when transmitted as BACnet
 CVE-2026-23536 (A security issue was discovered in the Feast Feature Server's `/read-d ...)
 	TODO: check
 CVE-2026-22163 (Requires malware code to misuse the DDK kernel module IOCTL interface. ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-21732 (A web page that contains unusual GPU shader code is loaded into the GP ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-1935 (The Company Posts for LinkedIn plugin for WordPress is vulnerable to M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1914 (The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1911 (The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1908 (The Integration with Hubspot Forms plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1899 (The Any Post Slider plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1891 (The Simple Football Scoreboard plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1889 (The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1886 (The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1854 (The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1851 (The iVysilani Shortcode plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1822 (The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1806 (The Tour & Activity Operator Plugin for TourCMS plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1800 (The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1648 (The Performance Monitor plugin for WordPress is vulnerable to Server-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1647 (The Comment Genius plugin for WordPress is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1575 (The Schema Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1503 (The login_register plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1397 (The PQ Addons \u2013 Creative Elementor Widgets plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1393 (The Add Google Social Profiles to Knowledge Graph Box plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1392 (The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1390 (The Redirect countdown plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1378 (The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1313 (The MimeTypes Link Icons plugin for WordPress is vulnerable to Server- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1278 (The Mandatory Field plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1275 (The Multi Post Carousel by Category plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1253 (The Group Chat & Video Chat by AtomChat plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1247 (The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1093 (The WPFAQBlock\u2013 FAQ & Accordion Plugin For Gutenberg plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0609 (The Logo Slider \u2013 Logo Carousel, Logo Showcase & Client Logo Slid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-63261 (AWStats 8.0 is vulnerable to Command Injection via the open function)
 	TODO: check
 CVE-2025-55988 (An issue in the component /Controllers/RestController.php of DreamFact ...)
 	TODO: check
 CVE-2025-14037 (The Invelity Product Feeds plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13910 (The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13785 (The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL which ...)
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
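Review bot: CVE-2026-22163 and CVE-2026-21732 are tagged `NOT-FOR-US: Imagination Technologies`, but the description text visible in this hunk ("Requires malware code to misuse the DDK kernel module IOCTL interface. ..." and "A web page that contains unusual GPU shader code ...") names neither a vendor nor a product. Since this is an automatic update, please confirm what the classification keyed on for these two entries. The Discourse and OpenClaw tags elsewhere in this patch name the product, so consider naming the affected driver component here as well rather than only the vendor.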



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06b77d78590c5e0c2a63fd7fc72076725593d068
