5.3
CVE-2024-11299 - Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposuโฆ
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-levโฆ
6.4
CVE-2025-3458 - Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_โฆ
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_idโ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level aโฆ
6.5
CVE-2025-3472 - Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthentiโฆ
6.4
CVE-2025-3457 - Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atโฆ
5.4
CVE-2025-46254 - WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerabilโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through <= 45.10.0.
5.4
CVE-2025-46253 - WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through <= 2.2.2.
7.2
CVE-2025-46252 - WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2.
8.8
CVE-2025-46251 - WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnโฆ
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery.This issue affects VikRestaurants: from n/a through <= 1.3.3.
4.8
CVE-2025-46250 - WordPress VForm plugin <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Stored XSS.This issue affects VPSUForm: from n/a through <= 3.1.14.
8.8
CVE-2025-46249 - WordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulneraโฆ
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.4.