4.3
CVE-2025-63067 - WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
6.5
CVE-2025-63066 - WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
5.3
CVE-2025-63065 - WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through <= 3.29.
6.5
CVE-2025-63064 - WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through <= 4.9.12.
5.3
CVE-2025-63063 - WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
7.5
CVE-2025-63062 - WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0.
6.5
CVE-2025-63061 - WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS.This issue affects KALLYAS: from n/a through < 4.25.0.
4.3
CVE-2025-63060 - WordPress KALLYAS theme < 4.25.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0.
6.5
CVE-2025-63059 - WordPress Ninja Popups plugin <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through <= 4.7.8.
4.3
CVE-2025-63058 - WordPress Custom Field Template plugin <= 2.7.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <= 2.7.6.