Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2025-58806 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 6 packages haskellPackages.bugsnag python312Packages.bugsnag python313Packages.bugsnag haskellPackages.bugsnag-hs haskellPackages.bugsnag-wai haskellPackages.bugsnag-yesod 1 month ago @LeSuisse dismissed 1 month ago WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. bugsnag =<1.6.3 CVE-2025-58801 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package responder 1 month ago @LeSuisse dismissed 1 month ago WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8. responder =<4.3.8 CVE-2025-58820 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package haskellPackages.data-carousel 1 month ago @LeSuisse dismissed 1 month ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. carousel =<1.8 CVE-2025-58822 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package wordpressPackages.plugins.wp-mail-smtp 1 month ago @LeSuisse dismissed 1 month ago WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3. wp-mail =<1.3 CVE-2025-54709 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 4 packages python312Packages.datasalad python313Packages.datasalad python312Packages.schema-salad python313Packages.schema-salad 1 month ago @LeSuisse dismissed 1 month ago WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. sala =<1.1.6 CVE-2025-58997 9.6 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 8 packages libmowgli python312Packages.aioautomower python313Packages.aioautomower python312Packages.automower-ble python313Packages.automower-ble home-assistant-component-tests.lawn_mower home-assistant-component-tests.husqvarna_automower home-assistant-component-tests.husqvarna_automower_ble 1 month ago @LeSuisse dismissed 1 month ago WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. mow =<4.10 CVE-2025-58993 7.6 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 6 packages haskellPackages.timeless-tutorials typstPackages.tutor_0_8_0 typstPackages.tutor_0_7_0 typstPackages.tutor_0_6_1 typstPackages.tutor_0_4_0 typstPackages.tutor_0_3_0 1 month ago @LeSuisse dismissed 1 month ago WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. tutor =<3.7.4 CVE-2025-57924 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package darwin.developer_cmds 1 month ago @mweinelt dismissed 1 month ago WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. developer =<1.2.6 CVE-2025-58199 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 3 packages fastly prometheus-fastly-exporter terraform-providers.fastly 1 month ago @mweinelt dismissed 1 month ago WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. fastly =<1.2.28 CVE-2025-57996 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 3 packages buckets python312Packages.bucketstore python313Packages.bucketstore 1 month ago @mweinelt dismissed 1 month ago WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9. buckets =<0.3.9
CVE-2025-58806 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 6 packages haskellPackages.bugsnag python312Packages.bugsnag python313Packages.bugsnag haskellPackages.bugsnag-hs haskellPackages.bugsnag-wai haskellPackages.bugsnag-yesod 1 month ago @LeSuisse dismissed 1 month ago WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. bugsnag =<1.6.3
CVE-2025-58801 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package responder 1 month ago @LeSuisse dismissed 1 month ago WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8. responder =<4.3.8
CVE-2025-58820 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package haskellPackages.data-carousel 1 month ago @LeSuisse dismissed 1 month ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. carousel =<1.8
CVE-2025-58822 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed package wordpressPackages.plugins.wp-mail-smtp 1 month ago @LeSuisse dismissed 1 month ago WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3. wp-mail =<1.3
CVE-2025-54709 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 4 packages python312Packages.datasalad python313Packages.datasalad python312Packages.schema-salad python313Packages.schema-salad 1 month ago @LeSuisse dismissed 1 month ago WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. sala =<1.1.6
CVE-2025-58997 9.6 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 8 packages libmowgli python312Packages.aioautomower python313Packages.aioautomower python312Packages.automower-ble python313Packages.automower-ble home-assistant-component-tests.lawn_mower home-assistant-component-tests.husqvarna_automower home-assistant-component-tests.husqvarna_automower_ble 1 month ago @LeSuisse dismissed 1 month ago WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. mow =<4.10
CVE-2025-58993 7.6 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW updated 1 month ago by @LeSuisse Activity log Created automatic suggestion 2 months, 1 week ago @LeSuisse removed 6 packages haskellPackages.timeless-tutorials typstPackages.tutor_0_8_0 typstPackages.tutor_0_7_0 typstPackages.tutor_0_6_1 typstPackages.tutor_0_4_0 typstPackages.tutor_0_3_0 1 month ago @LeSuisse dismissed 1 month ago WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. tutor =<3.7.4
CVE-2025-57924 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package darwin.developer_cmds 1 month ago @mweinelt dismissed 1 month ago WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. developer =<1.2.6
CVE-2025-58199 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 3 packages fastly prometheus-fastly-exporter terraform-providers.fastly 1 month ago @mweinelt dismissed 1 month ago WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. fastly =<1.2.28
CVE-2025-57996 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 3 packages buckets python312Packages.bucketstore python313Packages.bucketstore 1 month ago @mweinelt dismissed 1 month ago WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9. buckets =<0.3.9