Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
06b77d78 by security tracker role at 2026-03-21T08:14:41+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,123 +9,123 @@ CVE-2026-4507 (A vulnerability was determined in
Mindinventory MindSQL up to 0.2
CVE-2026-4506 (A vulnerability was found in Mindinventory MindSQL up to 0.2.1.
Impact ...)
TODO: check
CVE-2026-4373 (The JetFormBuilder plugin for WordPress is vulnerable to
arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4302 (The WowOptin: Next-Gen Popup Maker plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4261 (The Expire Users plugin for WordPress is vulnerable to
Privilege Escal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4161 (The Review Map by RevuKangaroo plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4143 (The Neos Connector for Fakturama plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4127 (The Speedup Optimization plugin for WordPress is vulnerable to
Missing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4087 (The Pre* Party Resource Hints plugin for WordPress is
vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4086 (The WP Random Button plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4084 (The fyyd podcast shortcodes plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4083 (The Scoreboard for HTML5 Games Lite plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4077 (The Ecover Builder For Dummies plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4072 (The WordPress PayPal Donation plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4069 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable
to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4067 (The Ad Short plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4022 (The Show Posts list \u2013 Easy designs, filters and more
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4004 (The Task Manager plugin for WordPress is vulnerable to
arbitrary short ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3997 (The Text Toggle plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3996 (The WP Games Embed plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3864 (A vulnerability was discovered in the Kubernetes CSI Driver for
NFS wh ...)
TODO: check
CVE-2026-3651 (The Build App Online plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3645 (The Punnel \u2013 Landing Page Builder plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3641 (The Appmax plugin for WordPress is vulnerable to Improper Input
Valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3619 (The Sheets2Table plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3617 (The Paypal Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3584 (The Kali Forms plugin for WordPress is vulnerable to Remote
Code Execu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3577 (The Keep Backup Daily plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3572 (The iTracker360 plugin for WordPress is vulnerable to
Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3570 (The Smarter Analytics plugin for WordPress is vulnerable to
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3567 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3554 (The Sherk Custom Post Type Displays plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3546 (The e-shot form builder plugin for WordPress is vulnerable to
Sensitiv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3516 (The Contact List plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3506 (The WP-Chatbot for Messenger plugin for WordPress is vulnerable
to aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3478 (The Content Syndication Toolkit plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3474 (The EmailKit \u2013 Email Customizer for WooCommerce & WP
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3460 (The REST API TO MiniProgram plugin for WordPress is vulnerable
to Inse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3368 (The Injection Guard plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3354 (The Wikilookup plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3353 (The Comment SPAM Wiper plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3350 (The Image Alt Text Manager plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3347 (The Multi Functional Flexi Lightbox plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3339 (The Keep Backup Daily plugin for WordPress is vulnerable to
Limited Pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3335 (The Canto plugin for WordPress is vulnerable to Missing
Authorization ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3334 (The CMS Commander plugin for WordPress is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3333 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3332 (The Xhanch - My Advanced Settings plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3331 (The Lobot Slider Administrator plugin for WordPress is
vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3003 (The Vagaro Booking Widget plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-33476 (SiYuan is a personal knowledge management system. Prior to
version 3.6 ...)
TODO: check
CVE-2026-33428 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33427 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33426 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33425 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33424 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33423 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33422 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33411 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33291 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to
before v ...)
TODO: check
CVE-2026-33238 (WWBN AVideo is an open source video platform. Prior to version
26.0, t ...)
@@ -191,17 +191,17 @@ CVE-2026-33143 (OneUptime is a solution for monitoring
and managing online servi
CVE-2026-33142 (OneUptime is a solution for monitoring and managing online
services. P ...)
TODO: check
CVE-2026-32899 (OpenClaw versions prior to 2026.2.25 fail to consistently
apply sender ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32897 (OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token
as a fal ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32896 (OpenClaw versions prior to 2026.2.21 BlueBubbles webhook
handler conta ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32895 (OpenClaw versions prior to 2026.2.26 fail to enforce sender
authorizat ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32887 (Effect is a TypeScript framework that consists of several
packages tha ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-32810 (Halloy is an IRC application written in Rust. In versions on
\*nix and ...)
TODO: check
CVE-2026-32733 (Halloy is an IRC application written in Rust. Prior to commit
0f77b2cf ...)
@@ -211,43 +211,43 @@ CVE-2026-32666 (WebCTRL systems that communicate over
BACnet inherit the protoco
CVE-2026-32663 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
TODO: check
CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contains an authorization
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32065 (OpenClaw versions prior to 2026.2.25 contain an
approval-integrity byp ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32064 (OpenClaw versions prior to 2026.2.21 sandbox browser
entrypoint launch ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32058 (OpenClaw versions prior to 2026.2.26 contain an approval
context-bindi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32057 (OpenClaw versions prior to 2026.2.25 contain an authentication
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32056 (OpenClaw versions prior to 2026.2.22 fail to sanitize shell
startup en ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32055 (OpenClaw versions prior to 2026.2.26 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32054 (OpenClaw versions prior to 2026.2.25 contain a symlink
traversal vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32053 (OpenClaw versions prior to 2026.2.23 contain a vulnerability
in Twilio ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32052 (OpenClaw versions prior to 2026.2.24 contain a command
injection vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32051 (OpenClaw versions prior to 2026.3.1 contain an authorization
mismatch ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32050 (OpenClaw versions prior to 2026.2.25 contain an access control
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32049 (OpenClaw versions prior to 2026.2.22 fail to consistently
enforce conf ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32048 (OpenClaw versions prior to 2026.3.1 fail to enforce sandbox
inheritanc ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32046 (OpenClaw versions prior to 2026.2.21 contain an improper
sandbox confi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32045 (OpenClaw versions prior to 2026.2.21 incorrectly apply
tokenless Tails ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32044 (OpenClaw versions prior to 2026.3.2 contain an archive
extraction vuln ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32043 (OpenClaw versions prior to 2026.2.25 contain a
time-of-check-time-of-u ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32042 (OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a
privilege esc ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31926 (Charging station authentication identifiers are publicly
accessible vi ...)
TODO: check
CVE-2026-31904 (The WebSocket Application Programming Interface lacks
restrictions on ...)
@@ -255,49 +255,49 @@ CVE-2026-31904 (The WebSocket Application Programming
Interface lacks restrictio
CVE-2026-31903 (The WebSocket Application Programming Interface lacks
restrictions on ...)
TODO: check
CVE-2026-2941 (The Linksy Search and Replace plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2837 (The Ricerca \u2013 advanced search plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2723 (The Post Snippits plugin for WordPress is vulnerable to
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2720 (The Hr Press Lite plugin for WordPress is vulnerable to
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2598
REJECTED
CVE-2026-2503 (The ElementCamp plugin for WordPress is vulnerable to
time-based SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2501 (The Ed's Social Share plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2496 (The Ed's Font Awesome plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2468 (The Quentn WP plugin for WordPress is vulnerable to SQL
Injection via ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2440 (The SurveyJS plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2430 (The Autoptimize plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2427 (The itsukaita plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2424 (The Reward Video Ad for WordPress plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2378 (ArcSearch for Android versions prior to 1.12.7 could display a
differe ...)
TODO: check
CVE-2026-2375 (The App Builder \u2013 Create Native Android & iOS Apps On The
Flight ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2352 (The Autoptimize plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2351 (The Task Manager plugin for WordPress is vulnerable to
Arbitrary File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2294 (The UiPress lite | Effortless custom dashboards, admin themes
and page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2290 (The Post Affiliate Pro plugin for WordPress is vulnerable to
Server-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2279 (The myLinksDump plugin for WordPress is vulnerable to SQL
Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2277 (The rexCrawler plugin for WordPress is vulnerable to Reflected
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2121 (The Weaver Show Posts plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29796 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
TODO: check
CVE-2026-28204 (Charging station authentication identifiers are publicly
accessible vi ...)
@@ -313,77 +313,77 @@ CVE-2026-24060 (Service information is not encrypted when
transmitted as BACnet
CVE-2026-23536 (A security issue was discovered in the Feast Feature Server's
`/read-d ...)
TODO: check
CVE-2026-22163 (Requires malware code to misuse the DDK kernel module IOCTL
interface. ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-21732 (A web page that contains unusual GPU shader code is loaded
into the GP ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-1935 (The Company Posts for LinkedIn plugin for WordPress is
vulnerable to M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1914 (The FuseDesk plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1911 (The Twitter Feeds plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1908 (The Integration with Hubspot Forms plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1899 (The Any Post Slider plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1891 (The Simple Football Scoreboard plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1889 (The Outgrow plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1886 (The Go Night Pro | WordPress Dark Mode Plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1854 (The Post Flagger plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1851 (The iVysilani Shortcode plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1822 (The WP NG Weather plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1806 (The Tour & Activity Operator Plugin for TourCMS plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1800 (The Fonts Manager | Custom Fonts plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1648 (The Performance Monitor plugin for WordPress is vulnerable to
Server-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1647 (The Comment Genius plugin for WordPress is vulnerable to
Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1575 (The Schema Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1503 (The login_register plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1397 (The PQ Addons \u2013 Creative Elementor Widgets plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1393 (The Add Google Social Profiles to Knowledge Graph Box plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1392 (The SR WP Minify HTML plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1390 (The Redirect countdown plugin for WordPress is vulnerable to
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1378 (The WP Posts Re-order plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1313 (The MimeTypes Link Icons plugin for WordPress is vulnerable to
Server- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1278 (The Mandatory Field plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1275 (The Multi Post Carousel by Category plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1253 (The Group Chat & Video Chat by AtomChat plugin for WordPress is
vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1247 (The Survey plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1093 (The WPFAQBlock\u2013 FAQ & Accordion Plugin For Gutenberg
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0609 (The Logo Slider \u2013 Logo Carousel, Logo Showcase & Client
Logo Slid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-63261 (AWStats 8.0 is vulnerable to Command Injection via the open
function)
TODO: check
CVE-2025-55988 (An issue in the component /Controllers/RestController.php of
DreamFact ...)
TODO: check
CVE-2025-14037 (The Invelity Product Feeds plugin for WordPress is vulnerable
to arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13910 (The WP-WebAuthn plugin for WordPress is vulnerable to
Unauthenticated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13785 (The The Contact Form, Survey, Quiz & Popup Form Builder \u2013
ARForms ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the
URL which ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06b77d78590c5e0c2a63fd7fc72076725593d068
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06b77d78590c5e0c2a63fd7fc72076725593d068
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
