4.3
CVE-2025-60134 - WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0.
7.1
CVE-2025-60132 - WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.
5.9
CVE-2025-60131 - WordPress Werk aan de Muur Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoefff Werk aan de Muur werk-aan-de-muur allows Stored XSS.This issue affects Werk aan de Muur: from n/a through <= 1.5.
8.8
CVE-2025-60041 - WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails Catch All emails-catch-all allows Password Recovery Exploitation.This issue affects Emails Catch All: from n/a through <= 3.5.3.
9.8
CVE-2025-60039 - WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0.
5.9
CVE-2025-59593 - WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334.
8.8
CVE-2025-59580 - WordPress Goodlayers Core plugin < 2.1.7 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7.
7.5
CVE-2025-59579 - WordPress Simple Job Board plugin <= 2.13.7 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
5.8
CVE-2025-59578 - WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6.
5
CVE-2025-59575 - WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.