7.1
CVE-2025-60164 - WordPress NewsmanApp plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7.
6.5
CVE-2025-60163 - WordPress bbp topic count plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count bbp-topic-count allows DOM-Based XSS.This issue affects bbp topic count: from n/a through <= 3.2.
6.5
CVE-2025-60162 - WordPress Job Board Manager Plugin <= 2.1.61 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows DOM-Based XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.
5.4
CVE-2025-60161 - WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks zoloblocks allows Server Side Request Forgery.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
5.9
CVE-2025-60160 - WordPress Smart Related Products plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products ai-related-products allows Stored XSS.This issue affects Smart Related Products: from n/a through <= 2.0.8.
4.3
CVE-2025-60159 - WordPress Nota Fiscal Eletrônica WooCommerce plugin <= 3.4.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.
5.9
CVE-2025-60158 - WordPress Nota Fiscal Eletrônica WooCommerce plugin <= 3.4.0.9 - Cross Site Scripting (XSS) vulnera…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Stored XSS.This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.
6.5
CVE-2025-60157 - WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - Cross Site …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Stored XSS.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a throu…
9.6
CVE-2025-60156 - WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34.
5.3
CVE-2025-60155 - WordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Virtual Assistant: from n/a through <= 3.0.