Common Vulnerabilities and Exposures (CVE)
CVE-2025-60068
Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266.
CVE-2025-60069
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.
CVE-2025-60070
Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13.
CVE-2025-60071
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Riode riode allows PHP Local File Inclusion.This issue affects Riode: from n/a through <= 1.6.23.
CVE-2025-60072
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth sc...
CVE-2025-60077
Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3.
CVE-2025-60078
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task ...
CVE-2025-60079
Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through <= 1.0.9.
CVE-2025-60080
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: f...
CVE-2025-60081
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0.
CVE-2025-60082
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0.
CVE-2025-60083
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0.
CVE-2025-60084
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Buil...
CVE-2025-60086
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
CVE-2025-60088
Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through <= 4.06.04.