Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e5c4e6d by security tracker role at 2026-06-16T07:14:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2026-9691 (Unauthenticated PHP Object Injection in Integration for
ActiveCampaign ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-9262 (Use of a non-secure protocol as the default FTP configuration
in Canon ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9261 (Use of weak SSH cryptographic algorithms in Canon EOS Network
Setting ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9260 (Use of hard-coded cryptographic keys in Canon EOS Network
Setting Tool ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9259 (Improper validation of server certificates in Canon EOS Network
Settin ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9258 (Improper validation of SSH host keys in Canon EOS Network
Setting Tool ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-9187 (The Abandoned Contact Form 7 plugin for WordPress is vulnerable
to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8443 (The WP Review Slider Pro plugin for WordPress is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7273 (A stack-based buffer overflow vulnerability in the CGI program
of Zyxe ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-6964 (The Video Conferencing with Zoom plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6933 (The Premmerce Dev Tools plugin for WordPress is vulnerable to
Remote C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5149 (The RTMKit plugin for WordPress is vulnerable to Incorrect
Authorizati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5064 (Potential security vulnerabilities have been identified in the
HP One ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-54444
REJECTED
CVE-2026-54296
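Review bot: The notes added in this hunk use two spellings for the same class of product: CVE-2026-9691 gets "NOT-FOR-US: WordPress plugin or theme", while CVE-2026-9187, CVE-2026-8443, CVE-2026-6964, CVE-2026-6933 and CVE-2026-5149 get "NOT-FOR-US: WordPress plugin". If the split is intended (the latter descriptions say "plugin for WordPress", the former does not), that is fine, but anyone filtering the list by tag has to match both forms; otherwise pick one.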
@@ -43,23 +43,23 @@ CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities
were found in GStrea
CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's
librfb ( ...)
TODO: check
CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection
<= 9.17 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52700 (Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52699 (Unauthenticated Insecure Direct Object References (IDOR) in
VikRentCar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52697 (Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52695 (Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout
<= 1.8. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52694 (Unauthenticated Sensitive Data Exposure in Signature Add-On
for WooCom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52693 (Unauthenticated SQL Injection in eCommerce Product Catalog <=
3.5.5 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager
<= 2.9.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate
download e ...)
TODO: check
CVE-2026-50891 (Incorrect access control in the /admin/api/config component of
Filesta ...)
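Review bot: None of the nine descriptions reclassified in this hunk (for example "Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.") mentions WordPress, so the "WordPress plugin or theme" note cannot be checked against the entry itself. Since the commit message says this is an automatic update, a spot check of a few product names against their advisories would be worthwhile, and naming the product in the note would make a later collision with a packaged project of the same name easier to catch.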
@@ -117,121 +117,121 @@ CVE-2026-49953 (Discuz! X5.0 releases 20260320 through
20260610 contains a CAPTC
CVE-2026-49952 (Discuz! X5.0 releases 20260320 through 20260501 contains an
authentica ...)
TODO: check
CVE-2026-49781 (Unauthenticated PHP Object Injection in OttoKit <= 1.1.27
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49780 (Customer Privilege Escalation in Dokan <= 5.0.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49776 (Unauthenticated SQL Injection in GPTranslate \u2013
Multilingual AI Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49775 (Unauthenticated Broken Access Control in Welcart e-Commerce <=
2.11.28 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49773 (Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video
Player < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49770 (Unauthenticated PHP Object Injection in WP Travel Engine <=
6.7.12 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49769 (Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49768 (Unauthenticated PHP Object Injection in Happyforms <= 1.26.13
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49766 (Subscriber Arbitrary File Deletion in WP User Manager <=
2.9.16 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49765 (Unauthenticated PHP Object Injection in Integration for
Mailchimp and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49764 (Unauthenticated Broken Authentication in RegistrationMagic <=
6.0.8.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49763 (Unauthenticated PHP Object Injection in Integration for
Contact Form 7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49112 (Unauthenticated Path Traversal in Shared Files <= 1.7.64
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49110 (Unauthenticated Broken Authentication in Upsell Order Bump
Offer for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49109 (Unauthenticated PHP Object Injection in Integration for
Salesforce and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49106 (Unauthenticated PHP Object Injection in Integration for
Contact Form 7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49105 (Unauthenticated PHP Object Injection in WP Zendesk for Contact
Form 7, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49104 (Unauthenticated PHP Object Injection in Integration for
Keap/infusions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49085 (Unauthenticated PHP Object Injection in WP Insightly for
Contact Form ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49083 (Contributor Privilege Escalation in LatePoint <= 5.5.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49082 (Subscriber Sensitive Data Exposure in Chatway Live Chat
– AI Cha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49078 (Unauthenticated Other Vulnerability Type in WP Travel Engine
<= 6.7.10 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49070 (Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49068 (Subscriber Sensitive Data Exposure in Coupon Affiliates <=
7.8.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49067 (Unauthenticated SQL Injection in Advanced 301 and 302 Redirect
<= 1.6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49066 (Unauthenticated Sensitive Data Exposure in Conekta Payment
Gateway <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49065 (Unauthenticated Broken Access Control in Hippoo Mobile App for
WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49063 (Unauthenticated Privilege Escalation in Listdom <= 5.5.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49061 (Unauthenticated Arbitrary File Download in WPC Product Options
for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49056 (Unauthenticated Sensitive Data Exposure in WooCommerce PDF
Invoices, P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49055 (Unauthenticated Cross Site Scripting (XSS) in Drag and Drop
Multiple F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49043 (Unauthenticated Cross Site Request Forgery (CSRF) in WP
Migrate Lite < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48970 (Unauthenticated Broken Authentication in Really Simple SSL <=
9.5.10 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48966 (Unauthenticated Cross Site Scripting (XSS) in Funnel Builder
by Funnel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48965 (Subscriber Sensitive Data Exposure in XCloner <= 4.8.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48964 (Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer
Ticketi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48889 (Subscriber Privilege Escalation in Amelia <= 2.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48887 (Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48886 (Unauthenticated SQL Injection in JS Help Desk <= 3.0.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48885 (Unauthenticated Cross Site Scripting (XSS) in HollerBox <=
2.3.10.1 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48883 (Unauthenticated Broken Access Control in WPC Product Bundles
for WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48882 (Subscriber SQL Injection in WP Time Slots Booking Form <=
1.2.50 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48881 (Unauthenticated Broken Access Control in TrueBooker <= 1.1.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48880 (Subscriber Cross Site Scripting (XSS) in WP Job Portal <=
2.5.2 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48878 (Subscriber Sensitive Data Exposure in Visual Link Preview <=
2.4.1 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48876 (Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <=
2026.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48874 (Subscriber SQL Injection in GamiPress <= 7.8.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48873 (Unauthenticated Broken Access Control in Montonio for
WooCommerce <= 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48872 (Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48871 (Unauthenticated Cross Site Scripting (XSS) in MW WP Form <=
5.1.3 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48870 (Subscriber Cross Site Scripting (XSS) in King Addons for
Elementor <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48868 (Unauthenticated Insecure Direct Object References (IDOR) in
Simple Sho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey
Master < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48854 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources
Without ...)
TODO: check
CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <=
3.6.2 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <=
2.1.19 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48835 (Unauthenticated Broken Access Control in Contact Form by
WPForms <= 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48723 (The browserstack-cypress-cli is BrowserStack's CLI which
allows users ...)
TODO: check
CVE-2026-48714 (i18next-http-middleware is a middleware to be used with
Node.js web fr ...)
@@ -255,17 +255,17 @@ CVE-2026-48114 (Metacat is data repository software that
helps researchers prese
CVE-2026-48017 (DbGate is cross-platform database manager. In versions 7.1.8
and prior ...)
TODO: check
CVE-2026-47835 (In Spring AI Vector Stores, special characters could be used
to force ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-47825 (Spring Cloud Gateway Server forwards the X-Forwarded-For and
Forwarded ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-47261 (Wasmtime is a runtime for WebAssembly. In versions prior to
24.0.9, 36 ...)
TODO: check
CVE-2026-45441 (Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45439 (Unauthenticated SQL Injection in Realtyna Organic IDX plugin
<= 5.1.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45437 (Unauthenticated Cross Site Scripting (XSS) in Product Filter
Widget fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45390 (In OCaml-tar before 3.4.0, a crafted archive with ../ path
segments in ...)
TODO: check
CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server implementation does
insufficient ...)
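Review bot: CVE-2026-47835 (Spring AI Vector Stores) and CVE-2026-47825 (Spring Cloud Gateway Server) are tagged "NOT-FOR-US: VMware", which names a vendor that appears in neither visible description instead of the affected component. The next hunk leaves CVE-2026-41708 (Spring Cloud Sleuth) at "TODO: check", so Spring components are handled two ways in one commit; tagging by product (e.g. "NOT-FOR-US: Spring Cloud Gateway") or leaving all three for manual triage would be consistent.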
@@ -273,225 +273,225 @@ CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server
implementation does insuff
CVE-2026-45388 (In OCaml-TLS before 2.1.0, the client implementation does
insufficient ...)
TODO: check
CVE-2026-42775 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <=
5.7.2 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42752 (Unauthenticated Bypass Vulnerability in Stripe Payments <=
2.0.98 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42743 (Unauthenticated Broken Authentication in Masteriyo - LMS <=
2.1.8 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42688 (Subscriber Cross Site Scripting (XSS) in Modula Image Gallery
<= 2.14. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42687 (Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42686 (Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42668 (Unauthenticated Broken Authentication in Email Marketing for
WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42667 (Unauthenticated Sensitive Data Exposure in Bookly <= 27.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42666 (Unauthenticated Broken Access Control in Salon booking system
<= 10.30 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42665 (Unauthenticated SQL Injection in WP Data Access <= 5.5.70
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42664 (Unauthenticated Broken Access Control in AI Product Search for
WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42663 (Unauthenticated Cross Site Scripting (XSS) in Simple
Membership <= 4.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42662 (Unauthenticated Bypass Vulnerability in Event Tickets <=
5.27.5 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42661 (Custom role Path Traversal in WP Customer Area <= 8.3.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42660 (Subscriber Sensitive Data Exposure in Contest Gallery <=
28.1.7 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42659 (Subscriber Broken Access Control in Advanced Form Integration
<= 1.126 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42658 (Unauthenticated Cross Site Scripting (XSS) in Classified
Listing <= 5. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42657 (Unauthenticated Other Vulnerability Type in Contest Gallery <=
28.1.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42656 (Subscriber Cross Site Scripting (XSS) in Contest Gallery <=
28.1.6 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42655 (Unauthenticated Bypass Vulnerability in Best Payments Plugin
for WP <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42651 (Subscriber Broken Access Control in Classified Listing <=
5.3.9 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42650 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <=
5.6.7 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42649 (Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator
<= 1.2.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42640 (Unauthenticated Broken Access Control in Classified Listing <=
5.3.8 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42639 (Unauthenticated SQL Injection in GD Rating System <= 3.6.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42411 (Unauthenticated Broken Authentication in CloudSecure WP
Security <= 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42386 (Unauthenticated SQL Injection in Order Delivery Date for
WooCommerce < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42384 (Unauthenticated Sensitive Data Exposure in Simply Schedule
Appointment ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42381 (Unauthenticated SQL Injection in Funnel Builder by FunnelKit
<= 3.15.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42378 (Subscriber Broken Authentication in WP Full Stripe Free <=
8.4.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-41708 (In Spring Cloud Sleuth, it is possible for a user to provide
specially ...)
TODO: check
CVE-2026-41556 (Subscriber Cross Site Scripting (XSS) in ProfilePress <=
4.16.13 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40799 (Unauthenticated Broken Authentication in Simple Cloudflare
Turnstile < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40798 (Unauthenticated SQL Injection in wpForo Forum <= 3.0.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40796 (Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40795 (Subscriber Broken Access Control in Amelia <= 2.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40794 (Subscriber Broken Access Control in myCred <= 3.0.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40793 (Subscriber Broken Access Control in Groundhogg < 4.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40792 (Subscriber Insecure Direct Object References (IDOR) in
KiviCare <= 4.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40791 (Unauthenticated Cross Site Scripting (XSS) in WP Time Slots
Booking Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40790 (Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40789 (Unauthenticated Sensitive Data Exposure in Amelia <= 2.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40788 (Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40787 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey
Master < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40785 (Subscriber Broken Authentication in AutomatorWP <= 5.6.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40782 (Unauthenticated Broken Access Control in WPAdverts <= 2.3.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40781 (Unauthenticated Broken Authentication in ReviewX <= 2.3.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40779 (Contributor Arbitrary File Deletion in Link Library <= 7.8.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40776 (Unauthenticated Broken Access Control in WP Event SOlution <=
4.1.8 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40775 (Unauthenticated Broken Access Control in Royal MCP <= 1.4.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40774 (Unauthenticated Broken Access Control in Booking Package <=
1.7.06 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40773 (Subscriber Broken Access Control in rtMedia for WordPress,
BuddyPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40772 (Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40771 (Unauthenticated SQL Injection in Contest Gallery <= 28.1.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40770 (Unauthenticated Cross Site Scripting (XSS) in Coupon
Affiliates <= 7.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40769 (Unauthenticated Arbitrary File Deletion in Contact Form
Extender for D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40767 (Unauthenticated Broken Access Control in wpForo Forum < 3.0.2
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40766 (Subscriber SQL Injection in MasterStudy LMS <= 3.7.25
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40762 (Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40743 (Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40741 (Unauthenticated Broken Access Control in Redsys for
WooCommerce Light ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40732 (Unauthenticated Cross Site Scripting (XSS) in Notification for
Telegra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40727 (Sales Representative Arbitrary File Deletion in Groundhogg <=
4.4 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39594 (Subscriber Broken Access Control in Ultra Addons for WPForms
<= 1.0.11 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39591 (Subscriber Arbitrary File Upload in WP-BusinessDirectory <=
4.0.0 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39587 (Unauthenticated Privilege Escalation in WP BASE Booking <=
5.9.0 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39584 (Subscriber Broken Access Control in RepairBuddy <= 4.1132
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39583 (Unauthenticated Privilege Escalation in Datalogics Ecommerce
Delivery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39579 (Contributor Privilege Escalation in B Blocks <= 2.0.31
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39540 (Subscriber Cross Site Scripting (XSS) in Shipment Tracker for
Woocomme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39534 (Unauthenticated Broken Access Control in WP Directory Kit <=
1.5.0 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39533 (Unauthenticated Broken Access Control in AWP Classifieds <=
4.4.4 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39532 (Contributor PHP Object Injection in Events Calendar for
GeoDirectory < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39530 (Unauthenticated SQL Injection in SpeakOut! Email Petitions <=
4.6.5 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39527 (Subscriber Arbitrary File Upload in WpStream < 4.11.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39525 (Unauthenticated Broken Access Control in Booking Activities <=
1.16.48 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39524 (Unauthenticated Broken Access Control in Masteriyo - LMS <=
2.1.5 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39519 (Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39518 (Subscriber Insecure Direct Object References (IDOR) in
EventPrime <= 4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39515 (Subscriber Broken Access Control in Motors < 1.4.107 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39514 (Unauthenticated Cross Site Scripting (XSS) in Paid Member
Subscription ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39513 (Unauthenticated Broken Access Control in Easy Appointments <=
3.12.21 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39512 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.152
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39511 (Unauthenticated SQL Injection in WP Photo Album Plus <=
9.1.08.001 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39507 (Unauthenticated Cross Site Scripting (XSS) in Social Slider
Feed <= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39503 (Unauthenticated Broken Access Control in Easy Digital
Downloads <= 3.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39502 (Unauthenticated SQL Injection in Form Maker by 10Web <=
1.15.38 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39499 (Shop manager PHP Object Injection in Advanced Product Fields
(Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39498 (Shop manager PHP Object Injection in YayMail <= 4.3.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39493 (Unauthenticated SQL Injection in Simply Schedule Appointments
<= 1.6.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39492 (Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39491 (Subscriber Cross Site Scripting (XSS) in JupiterX Core <=
4.14.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39489 (Author Arbitrary File Download in Download Monitor <= 5.1.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39481 (Author PHP Object Injection in Modula Image Gallery <= 2.14.18
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39480 (Unauthenticated Sensitive Data Exposure in Backup Migration <=
2.1.1 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39478 (Contributor PHP Object Injection in Anti-Malware Security and
Brute-Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39474 (Contributor PHP Object Injection in Post Duplicator <= 3.0.10
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39472 (Shop manager PHP Object Injection in WooCommerce PDF Invoices
& Packin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39471 (Author PHP Object Injection in ShortPixel Image Optimizer <=
6.4.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39470 (Shop manager Privilege Escalation in WooCommerce Cart
Abandonment Reco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39468 (Contributor Arbitrary File Deletion in Meta Box \u2013
WordPress Custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39465 (Editor Remote Code Execution (RCE) in Responsive Slider by
MetaSlider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39463 (Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker
<= 4.9.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39451 (Unauthenticated Cross Site Scripting (XSS) in WP Google Review
Slider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39450 (Subscriber Broken Authentication in FunnelKit Automations <=
3.7.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39449 (Unauthenticated Cross Site Scripting (XSS) in Contact Form to
Any API ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39447 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule
Appointm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39441 (Unauthenticated SQL Injection in Feed KuantoKusta for
WooCommerce \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39435 (Unauthenticated Cross Site Scripting (XSS) in CformsII <=
15.1.3 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39434 (Shop manager PHP Object Injection in CTX Feed <= 6.6.26
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39197 (An issue in the /util/http/prelude.rs endpoint of Datadog, Inc
Vector ...)
TODO: check
CVE-2026-39196 (Datadog, Inc Vector v0.54.0 was discovered to contain a SQL
injection ...)
@@ -507,17 +507,17 @@ CVE-2026-38812 (RuoYi v4.8.2 is vulnerable to SQL
Injection via the /tool/gen/cr
CVE-2026-38329 (Bludit CMS before version 3.18.4 allows Remote Code Execution
(RCE) vi ...)
TODO: check
CVE-2026-38065 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38064 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38063 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38062 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38061 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-38060 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command
injecti ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the
interfa ...)
TODO: check
CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a
physical ...)
@@ -531,71 +531,71 @@ CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site
Scripting (XSS) vulnerabi
CVE-2026-36213 (An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a
local att ...)
TODO: check
CVE-2026-34902 (Unauthenticated Cross Site Scripting (XSS) in WooCommerce
Product Tabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34901 (Unauthenticated Privilege Escalation in iControlWP <= 5.5.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34900 (Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34898 (Unauthenticated Broken Access Control in Event Tickets Manager
for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34892 (Subscriber Broken Access Control in Rank Math SEO <= 1.0.271
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34891 (Unauthenticated Sensitive Data Exposure in IDPay Payment
Gateway for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34886 (Unauthenticated Broken Access Control in Simple Membership <=
4.7.1 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-30121 (remotion-dev remotion v4.0.409 was discovered to contain an
arbitrary ...)
TODO: check
CVE-2026-30120 (remotion-dev remotion v4.0.409 was discovered to contain a
remote code ...)
TODO: check
CVE-2026-27407 (Editor Privilege Escalation in AI Engine <= 3.4.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27333 (Unauthenticated Deserialization of untrusted data in Paid
Videochat Tu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27089 (Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27053 (Unauthenticated PHP Object Injection in Broadcast Live Video <
7.1.3 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25440 (Unauthenticated Broken Access Control in Essential Addons for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25425 (Unauthenticated Broken Access Control in User Registration <=
5.1.2 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24637 (Contributor SQL Injection in PowerPress Podcasting <= 11.15.10
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-23970 (Unauthenticated Cross Site Scripting (XSS) in Redirection for
Contact ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-12162 (Improper host validation in the social login autofill feature
in Devo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-12161 (Improper input validation in the SSH Elevate Shell feature in
Devolut ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-11931 (Incorrect default permissions in Kiro IDE on macOS and Linux
before ve ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-10780 (The Static Block plugin for WordPress is vulnerable to
Insecure Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU,
the pag ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples
NetworkConfiguration/ ...)
TODO: check
CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68872 (Unauthenticated Cross Site Scripting (XSS) in Eli's
WordCents adS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68851 (Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <=
2.3 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68840 (Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO
<= 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68713 (An issue was discovered in Rakuten Send Anywhere (File
Transfer) for A ...)
TODO: check
CVE-2025-68049 (Subscriber Broken Access Control in bunny.net <= 2.3.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60175 (Administrator Server Side Request Forgery (SSRF) in PopAd <=
1.0.4 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59133 (Custom role Insecure Direct Object References (IDOR) in
Projectopia <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-56814 (A code injection vulnerability in the wxExecute() function of
OpenCPN ...)
TODO: check
CVE-2025-10262 (Nokia SR Linux is vulnerable to local privilege escalation
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2026-XXXX [NTLM client: Avoid use-of-unitialized-value inside libntlm]
- gsasl 2.2.4-1
NOTE:
https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
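Review bot: At CVE-2026-10635 the reason "Zephyr, different from src:zephyr" says what the product is not, but not what it is. The CONFIG_USERSPACE and CONFIG_XTENSA_MMU options in the description point to the Zephyr RTOS, so writing "Zephyr RTOS, different from src:zephyr" would make the entry self-explanatory to a reader who only knows the Debian source package. In the same hunk the WordPress reason appears in two spellings, "WordPress plugin" for CVE-2026-10780 and "WordPress plugin or theme" for the other entries, which makes a grep for one class of entries less reliable; a single string would be better. Entries such as CVE-2026-27407 (AI Engine) and CVE-2025-68049 (bunny.net) do not mention WordPress in the visible part of their descriptions, so these automatic classifications are worth a spot check.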
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e5c4e6d467fe8a80b506fee81af5306c65ca846