Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3eff7f3f by Salvatore Bonaccorso at 2019-08-23T19:48:07Z
Process several NFUs for WordPress plugins

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -367,13 +367,13 @@ CVE-2019-15331 (The 
wp-support-plus-responsive-ticket-system plugin before 9.1.2
 CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
        NOT-FOR-US: webp-express plugin for WordPress
 CVE-2019-15329 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15328 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
 CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but 
/etc/sysctl.d/1 ...)
        TODO: check
 CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval 
injection in the ...)
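Review bot: CVE-2019-15325 in the trailing context of this hunk is still marked "TODO: check" after the four import-users-from-csv-with-meta entries above it are closed. It describes GalliumOS rather than a WordPress plugin, so leaving it out matches the commit message, but it is now the one unprocessed entry among the status lines visible here. Suggest triaging it in a follow-up commit so it is not skimmed past among the NOT-FOR-US lines.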
@@ -395,7 +395,7 @@ CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for 
WordPress has insuffic
 CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has 
JavaScript inje ...)
        NOT-FOR-US: rich-counter plugin for WordPress
 CVE-2014-10393 (The cforms2 plugin before 10.5 for WordPress has XSS. ...)
-       TODO: check
+       NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
        NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 
for Wor ...)
@@ -431,7 +431,7 @@ CVE-2019-15316 (Valve Steam Client for Windows through 
2019-08-20 has weak folde
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows 
privilege esc ...)
        NOT-FOR-US: Valve Steam Client for Windows
 CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress 
has XSS b ...)
-       TODO: check
+       NOT-FOR-US: advanced-custom-fields plugin for WordPress
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local 
file inc ...)
        NOT-FOR-US: wp-payeezy-pay plugin for WordPress
 CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has 
Object Injec ...)
@@ -447,7 +447,7 @@ CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for 
WordPress has parameter
 CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has 
privilege esc ...)
        NOT-FOR-US: contact-form-7 plugin for WordPress
 CVE-2017-18585 (The posts-in-page plugin before 1.3.0 for WordPress has 
ic_add_posts t ...)
-       TODO: check
+       NOT-FOR-US: posts-in-page plugin for WordPress
 CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no 
permissi ...)
        NOT-FOR-US: post-pay-counter plugin for WordPress
 CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP 
Object  ...)
@@ -459,9 +459,9 @@ CVE-2017-18581 (The time-sheets plugin before 1.5.0 for 
WordPress has XSS via th
 CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has 
remote c ...)
        NOT-FOR-US: shortcodes-ultimate plugin for WordPress
 CVE-2017-18579 (The corner-ad plugin before 1.0.8 for WordPress has XSS. ...)
-       TODO: check
+       NOT-FOR-US: corner-ad plugin for WordPress
 CVE-2017-18578 (The crafty-social-buttons plugin before 1.5.8 for WordPress 
has XSS. ...)
-       TODO: check
+       NOT-FOR-US: crafty-social-buttons plugin for WordPress
 CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS 
via the ...)
        NOT-FOR-US: mailchimp-for-wp plugin for WordPress
 CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS 
via the l ...)
@@ -479,9 +479,9 @@ CVE-2017-18571 (The search-everything plugin before 8.1.7 
for WordPress has SQL
 CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL 
injection in the ...)
        NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2016-10929 (The advanced-ajax-page-loader plugin before 2.7.7 for 
WordPress has no ...)
-       TODO: check
+       NOT-FOR-US: advanced-ajax-page-loader plugin for WordPress
 CVE-2016-10928 (The onelogin-saml-sso plugin before 2.2.0 for WordPress has a 
hardcode ...)
-       TODO: check
+       NOT-FOR-US: onelogin-saml-sso plugin for WordPress
 CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has 
SSRF in aj ...)
        NOT-FOR-US: nelio-ab-testing plugin for WordPress
 CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has 
SSRF in aja ...)
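Review bot: for CVE-2016-10928 (onelogin-saml-sso), the visible description is cut off at "has a hardcode ...", so the NOT-FOR-US here rests on the plugin name alone. That is the same basis as the neighbouring entries, but it is worth confirming against the full CVE text that the flaw sits in the WordPress plugin itself and not in code shared with something packaged in Debian. The advanced-ajax-page-loader change above it follows the "<name> plugin for WordPress" wording used by the surrounding entries and needs nothing further.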
@@ -513,7 +513,7 @@ CVE-2015-9336 (The clean-login plugin before 1.5.1 for 
WordPress has reflected X
 CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL 
injection ...)
        NOT-FOR-US: limit-attempts plugin for WordPress
 CVE-2015-9334 (The email-newsletter plugin through 20.15 for WordPress has SQL 
inject ...)
-       TODO: check
+       NOT-FOR-US: email-newsletter plugin for WordPress
 CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress 
has XSS  ...)
@@ -523,9 +523,9 @@ CVE-2014-10384 (The memphis-documents-library plugin before 
3.0 for WordPress ha
 CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress 
has Remo ...)
        NOT-FOR-US: memphis-documents-library plugin for WordPress
 CVE-2014-10382 (The feature-comments plugin before 1.2.5 for WordPress has 
CSRF for fe ...)
-       TODO: check
+       NOT-FOR-US: feature-comments plugin for WordPress
 CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file 
inclusion. ...)
-       TODO: check
+       NOT-FOR-US: slidedeck2 plugin for WordPress
 CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. 
...)
        NOT-FOR-US: reflex-gallery plugin for WordPress
 CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has 
XSS. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3eff7f3f093fc1cbefdbbda8e24ecd61e47897ef
