4.3
CVE-2025-60143 - WordPress Netgsm plugin <= 2.9.69 - Broken Access Control vulnerability
Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.69.
6.5
CVE-2025-60142 - WordPress Simple Meta Tags Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags simple-meta-tags allows DOM-Based XSS.This issue affects Simple Meta Tags: from n/a through <= 1.5.
5.9
CVE-2025-60141 - WordPress The Tribal Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thetechtribe The Tribal the-tech-tribe allows Stored XSS.This issue affects The Tribal: from n/a through <= 1.3.3.
5.3
CVE-2025-60140 - WordPress The Tribal Plugin <= 1.3.3 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.3.
4.3
CVE-2025-60139 - WordPress Sendle Shipping plugin <= 6.02 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02.
6.5
CVE-2025-60138 - WordPress SKT Blocks plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through <= 2.6.
4.3
CVE-2025-60137 - WordPress Post Featured Video Plugin <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7.
5.9
CVE-2025-60136 - WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through <= 1.0.2.
5.9
CVE-2025-60133 - WordPress PE Easy Slider Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through <= 1.1.0.
5.3
CVE-2025-60130 - WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WEDOS Global: from n/a through <= 1.2.2.