Common Vulnerabilities and Exposures (CVE)

CVE-2025-60068

Apr 24, 2026 19:09:24 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266.

CVE-2025-60069

Apr 24, 2026 19:09:24 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.

CVE-2025-60070

Apr 24, 2026 19:09:24 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13.

CVE-2025-60071

Apr 24, 2026 19:09:24 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Riode riode allows PHP Local File Inclusion.This issue affects Riode: from n/a through <= 1.6.23.

CVE-2025-60072

Apr 24, 2026 19:09:24 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth sc...

CVE-2025-60077

Apr 24, 2026 19:09:24 UTC

Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3.

CVE-2025-60078

Apr 24, 2026 19:09:23 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia &#8211; Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task ...

CVE-2025-60079

Apr 24, 2026 19:09:23 UTC

Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through <= 1.0.9.

CVE-2025-60080

Apr 24, 2026 19:09:23 UTC

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: f...

CVE-2025-60081

Apr 24, 2026 19:09:23 UTC

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0.

CVE-2025-60082

Apr 24, 2026 19:09:22 UTC

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0.

CVE-2025-60083

Apr 24, 2026 19:09:22 UTC

Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0.

CVE-2025-60084

Apr 24, 2026 19:09:22 UTC

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Buil...

CVE-2025-60086

Apr 24, 2026 19:09:22 UTC

Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.

CVE-2025-60088

Apr 24, 2026 19:09:21 UTC

Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through <= 4.06.04.