8.1
CVE-2025-39506 - WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through <= 6.3.2.
8.2
CVE-2025-39536 - WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.
7.1
CVE-2025-46437 - WordPress Tayori Form plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form tayori allows Reflected XSS.This issue affects Tayori Form: from n/a through <= 1.2.9.
7.1
CVE-2025-46440 - WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded kstats-reloaded allows Reflected XSS.This issue affects kStats Reloaded: from n/a through <= 0.7.4.
8.1
CVE-2025-46444 - WordPress Ads Pro plugin <= 4.89 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue affects Ads Pro: from n/a through <= 4.89.
7.1
CVE-2025-46446 - WordPress Libro de Reclamaciones plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones libro-de-reclamaciones allows Stored XSS.This issue affects Libro de Reclamaciones: from n/a through <= 1.0.1.
7.1
CVE-2025-46448 - WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System dms allows Reflected XSS.This issue affects Document Management System: from n/a through <= 1.24.
7.5
CVE-2025-46454 - WordPress Meta Keywords & Description plugin <= 0.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through <= 0.8.
9.3
CVE-2025-46455 - WordPress WP HRM LITE plugin <= 1.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1.
7.1
CVE-2025-46456 - WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sliders: from n/a through <= 1.2.5.