HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-60107

Apr 1, 2026 15:59:32 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects La...

CVE-2025-60106

Apr 1, 2026 15:59:32 UTC

Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0.

CVE-2025-60105

Apr 1, 2026 15:59:32 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58.

CVE-2025-60104

Apr 1, 2026 15:59:31 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links gallery-custom-links allows Stored XSS.This issue affects Gallery Custom Links: from n/a through <= 2.2.5.

CVE-2025-60103

Apr 1, 2026 15:59:31 UTC

Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8.

CVE-2025-60102

Apr 1, 2026 15:59:31 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a throu...

CVE-2025-60101

Apr 1, 2026 15:59:31 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through <= 2.4.2.

CVE-2025-60100

Apr 1, 2026 15:59:31 UTC

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through < 9.6.

CVE-2025-60099

Apr 1, 2026 15:59:30 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through <= 2.7.7.

CVE-2025-60098

Apr 1, 2026 15:59:30 UTC

Missing Authorization vulnerability in Jeff Farthing Theme My Login theme-my-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theme My Login: from n/a through <= 7.1.12.

CVE-2025-60097

Apr 1, 2026 15:59:30 UTC

Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5.

CVE-2025-60096

Apr 1, 2026 15:59:30 UTC

Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.

CVE-2025-60095

Apr 1, 2026 15:59:29 UTC

Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Retrieve Embedded Sensitive Data.This issue affects Stackable: from n/a through <= 3.18.1.

CVE-2025-60094

Apr 1, 2026 15:59:29 UTC

Missing Authorization vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stackable: from n/a through <= 3.18.1.

CVE-2025-60093

Apr 1, 2026 15:59:29 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery.This issue affects Download Manager: from n/a through <= 3.3.24.

Page: 23