9.8
CVE-2025-60245 - WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.
7.1
CVE-2025-60244 - WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
9.8
CVE-2025-60243 - WordPress Selling Commander for WooCommerce plugin <= 1.2.46 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46.
7.5
CVE-2025-60242 - WordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through <= 1.4.
7.5
CVE-2025-60241 - WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.
7.5
CVE-2025-60240 - WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.
8.5
CVE-2025-60239 - WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3.
10
CVE-2025-60235 - WordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerabiliβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <= 2.0.7.
10
CVE-2025-60207 - WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.
7.5
CVE-2025-60204 - WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through <= 2.4.3.