6.5
CVE-2025-46461 - WordPress RRSSB plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB rrssb allows DOM-Based XSS.This issue affects RRSSB: from n/a through <= 1.0.1.
7.1
CVE-2025-46457 - WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS.This issue affects Wp Custom CMS Block: from n/a through <= 2.1.
6.5
CVE-2025-46453 - WordPress Zoho Creator Forms <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreatorTeam Zoho Creator Forms allows Stored XSS. This issue affects Zoho Creator Forms: from n/a through 1.0.5.
7.1
CVE-2025-46449 - WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips wowhead-tooltips allows Stored XSS.This issue affects WoWHead Tooltips: from n/a through <= 2.0.1.
6.5
CVE-2025-46445 - WordPress External Markdown plugin <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown external-markdown allows Stored XSS.This issue affects External Markdown: from n/a through <= 0.0.1.
6.5
CVE-2025-46438 - WordPress GTDB Guitar Tuners plugin <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners guitar-tuner allows Stored XSS.This issue affects GTDB Guitar Tuners: from n/a through <= 4.2.2.
6.5
CVE-2025-46542 - WordPress Xpert Tab plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab xpert-tab allows Stored XSS.This issue affects Xpert Tab: from n/a through <= 1.3.
6.5
CVE-2025-46540 - WordPress GNA Search Shortcode plugin <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Search Shortcode: from n/a through <= 0.9.5.
6.5
CVE-2025-46538 - WordPress Inline Text Popup plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup inline-text-popup allows DOM-Based XSS.This issue affects Inline Text Popup: from n/a through <= 1.0.0.
6.5
CVE-2025-46536 - WordPress Carousel-of-post-images plugin <= 1.07 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through <= 1.07.