Hi Christian,

On Tue, Mar 17, 2026 at 08:16:34AM +0100, Christian Fischer wrote:
> Hello,
>
> I would like to point out that the following CVE:
>
> https://security-tracker.debian.org/tracker/CVE-2026-3906
>
> is currently marked as:
>
> > NOT-FOR-US: WordPress plugin
>
> But actually this CVE seems to be about WordPress itself:
>
> > An authorization bypass on the Notes feature
> >
> > https://wordpress.org/news/2026/03/wordpress-6-9-2-release/

You are right about this, thanks a lot for reporting. I have updated our
metadata on the CVE:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05791d207d7dc02bc7f17296627ce8bd66deda58

Regards,
Salvatore
