8.1
CVE-2025-46444 - WordPress Ads Pro plugin <= 4.89 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue affects Ads Pro: from n/a through <= 4.89.
7.1
CVE-2025-46446 - WordPress Libro de Reclamaciones plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones libro-de-reclamaciones allows Stored XSS.This issue affects Libro de Reclamaciones: from n/a through <= 1.0.1.
7.1
CVE-2025-46448 - WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System dms allows Reflected XSS.This issue affects Document Management System: from n/a through <= 1.24.
7.5
CVE-2025-46454 - WordPress Meta Keywords & Description plugin <= 0.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through <= 0.8.
9.3
CVE-2025-46455 - WordPress WP HRM LITE plugin <= 1.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1.
7.1
CVE-2025-46456 - WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sliders: from n/a through <= 1.2.5.
8.2
CVE-2025-46458 - WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows SQL Injection.This issue affects occupancyplan: from n/a through <= 1.0.3.0.
9.3
CVE-2025-46460 - WordPress Easy Guide plugin <= 1.0.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide wp-easy-guide allows SQL Injection.This issue affects Easy Guide: from n/a through <= 1.0.0.
8.5
CVE-2025-46463 - WordPress Mailing Group Listserv plugin <= 3.0.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 3.0.4.
9.8
CVE-2025-46468 - WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through <= 1.0.6.