8.5
CVE-2025-60109 - WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8.
8.5
CVE-2025-60108 - WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerabiβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a thβ¦
8.5
CVE-2025-60107 - WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a throβ¦
4.9
CVE-2025-60106 - WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0.
6.5
CVE-2025-60105 - WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58.
5.9
CVE-2025-60104 - WordPress Gallery Custom Links Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links gallery-custom-links allows Stored XSS.This issue affects Gallery Custom Links: from n/a through <= 2.2.5.
5.4
CVE-2025-60103 - WordPress ListingPro plugin <= 2.9.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8.
6.5
CVE-2025-60102 - WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through <= 4.2.3.
6.5
CVE-2025-60099 - WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through <= 2.7.7.
5.3
CVE-2025-60100 - WordPress XStore theme < 9.6 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through < 9.6.