5.9
CVE-2025-46523 - WordPress COVID-19 (Coronavirus) Update Your Customers plugin <= 1.5.1 - Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers covid-19-alert allows Stored XSS.This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through <= 1.5.1.
7.1
CVE-2025-46507 - WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes unsafe-mimetypes allows Stored XSS.This issue affects Unsafe Mimetypes: from n/a through <= 0.1.4.
7.2
CVE-2025-46481 - WordPress Flickr Shortcode Importer plugin <= 2.2.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer flickr-shortcode-importer allows Object Injection.This issue affects Flickr Shortcode Importer: from n/a through <= 2.2.3.
6.5
CVE-2025-46447 - WordPress Fable Extra plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra fable-extra allows DOM-Based XSS.This issue affects Fable Extra: from n/a through <= 1.0.6.
4.9
CVE-2025-46531 - WordPress WP AVCL Automation Helper (formerly WPFlyLeads) plugin <= 3.4 - Server Side Request Forgeβ¦
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) woozap allows Server Side Request Forgery.This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through <= 3.4.
4.3
CVE-2025-46519 - WordPress Media Library Downloader plugin <= 1.3.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Downloader: from n/a through <= 1.3.1.
6.4
CVE-2025-46511 - WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode beerxml-shortcode allows Server Side Request Forgery.This issue affects BeerXML Shortcode: from n/a through <= 0.7.1.
4.9
CVE-2025-46503 - WordPress Simple Google Photos Grid plugin <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid simple-google-photos-grid allows Server Side Request Forgery.This issue affects Simple Google Photos Grid: from n/a through <= 1.5.
5.3
CVE-2025-46489 - WordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control Vulneraβ¦
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through <= 2.1.
5.3
CVE-2025-46485 - WordPress WP Customize Login Page plugin <= 1.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Login Page: from n/a through <= 1.6.5.