5.3
CVE-2025-60129 - WordPress Yext Plugin <= 1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Yext Yext yext allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Yext: from n/a through <= 1.1.3.
4.3
CVE-2025-60128 - WordPress Delisho Plugin <= 1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Delicious Delisho dr-widgets-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Delisho: from n/a through <= 1.1.3.
5.4
CVE-2025-60127 - WordPress CopySafe Web Protection plugin <= 5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.
8.8
CVE-2025-60126 - WordPress Testimonial Slider Plugin <= 3.5.8.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion.This issue affects Testimonial Slider: from n/a through <= 3.5.8.6.
5.3
CVE-2025-60125 - WordPress FoodBook Plugin <= 4.7.6 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6.
6.5
CVE-2025-60124 - WordPress Simple Colorbox Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox simple-colorbox allows Stored XSS.This issue affects Simple Colorbox: from n/a through <= 1.6.1.
4.3
CVE-2025-60123 - WordPress HivePress Claim Listings plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HivePress Claim Listings: from n/a through <= 1.1.3.
4.3
CVE-2025-60122 - WordPress HivePress Claim Listings plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HivePress Claim Listings: from n/a through <= 1.1.4.
5.3
CVE-2025-60121 - WordPress WooEvents plugin <= 4.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooEvents: from n/a through <= 4.1.7.
5.3
CVE-2025-60119 - WordPress CoSchedule Plugin <= 3.3.11 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through <= 3.3.11.