5.9
CVE-2025-60154 - WordPress MWW Disclaimer Buttons plugin <= 3.41 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jennifer Moss MWW Disclaimer Buttons mww-disclaimer-buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons: from n/a through <= 3.41.
7.5
CVE-2025-60153 - WordPress Subscribe To Unlock Plugin <= 1.1.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows PHP Local File Inclusion.This issue affects Subscribe To Unlock: from n/a through <= 1.1.5.
4.3
CVE-2025-60152 - WordPress Subscribe To Unlock Plugin <= 1.1.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe To Unlock: from n/a through <= 1.1.5.
7.5
CVE-2025-60150 - WordPress Subscribe to Download plugin <= 2.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows PHP Local File Inclusion.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
5.9
CVE-2025-60149 - WordPress Notely plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps Notely notely allows Stored XSS.This issue affects Notely: from n/a through <= 1.8.0.
4.3
CVE-2025-60148 - WordPress Subscribe to Download plugin <= 2.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
6.5
CVE-2025-60147 - WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Feed ht-instagram allows Stored XSS.This issue affects HT Feed: from n/a through <= 1.3.0.
5.9
CVE-2025-60146 - WordPress Map Categories to Pages Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages map-categories-to-pages allows Stored XSS.This issue affects Map Categories to Pages: from n/a through <= 1.3.2.
4.3
CVE-2025-60145 - WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2.
5.9
CVE-2025-60144 - WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Stored XSS.This issue affects Lenix scss compiler: from n/a through <= 1.2.