| CVE-2025-60211 | Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | high |
| CVE-2025-60210 | Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5. | critical |
| CVE-2025-60209 | Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6. | critical |
| CVE-2025-60208 | Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through <= 2.0.9. | high |
| CVE-2025-60206 | Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3. | critical |
| CVE-2025-60176 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through <= 1.0.2. | medium |
| CVE-2025-60168 | Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6. | high |
| CVE-2025-60151 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5. | medium |
| CVE-2025-60135 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through <= 13.0.0. | medium |
| CVE-2025-60134 | Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0. | medium |
| CVE-2025-60132 | Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2. | medium |
| CVE-2025-60131 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoefff Werk aan de Muur werk-aan-de-muur allows Stored XSS.This issue affects Werk aan de Muur: from n/a through <= 1.5. | medium |
| CVE-2025-60041 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails Catch All emails-catch-all allows Password Recovery Exploitation.This issue affects Emails Catch All: from n/a through <= 3.5.3. | high |
| CVE-2025-60039 | Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0. | critical |
| CVE-2025-59593 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334. | medium |
| CVE-2025-59580 | Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7. | high |
| CVE-2025-59579 | Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7. | high |
| CVE-2025-59578 | Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6. | medium |
| CVE-2025-59575 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | medium |
| CVE-2025-59571 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through < 1.7.06. | high |
| CVE-2025-59566 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.5. | high |
| CVE-2025-59564 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. | high |
| CVE-2025-59558 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. | high |
| CVE-2025-59557 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through < 1.7.5. | critical |
| CVE-2025-59555 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7. | high |
| CVE-2025-59550 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xcare: from n/a through < 6.5. | high |
| CVE-2025-59007 | Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1. | high |
| CVE-2025-59006 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through <= 1.0.2. | high |
| CVE-2025-59004 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pco_58 WC Return products wc-return-product allows Reflected XSS.This issue affects WC Return products: from n/a through <= 1.5. | high |
| CVE-2025-58971 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7. | high |
| CVE-2025-58970 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through <= 1.6.7. | medium |
| CVE-2025-58967 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4. | high |
| CVE-2025-58966 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from n/a through < 8.2. | high |
| CVE-2025-58963 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | critical |
| CVE-2025-58961 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through <= 2.4. | high |
| CVE-2025-58959 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4. | high |
| CVE-2025-58958 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5. | high |
| CVE-2025-58955 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through < 2.6. | high |
| CVE-2025-58921 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS.This issue affects WP Tactical Popup: from n/a through <= 1.1. | high |
| CVE-2025-58916 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through <= 0.9. | high |
| CVE-2025-57870 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase. | critical |
| CVE-2025-53428 | Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.4. | high |
| CVE-2025-53427 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chibueze Okechukwu SEO Pyramid seo-pyramid allows Reflected XSS.This issue affects SEO Pyramid: from n/a through <= 1.9.8. | high |
| CVE-2025-53426 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Likert Survey Master likert-survey-master allows Reflected XSS.This issue affects Likert Survey Master: from n/a through <= 0.8.0.1. | high |
| CVE-2025-53425 | Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.2. | high |
| CVE-2025-53424 | Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | medium |
| CVE-2025-53423 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Triss triss allows Reflected XSS.This issue affects Triss: from n/a through <= 2.6. | high |
| CVE-2025-53422 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through <= 1.2.1. | high |
| CVE-2025-53421 | Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14. | medium |
| CVE-2025-53420 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8. | high |
