7.1
CVE-2025-46510 - WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar cf7-calendar allows Stored XSS.This issue affects Contact Form 7 Calendar: from n/a through <= 3.0.1.
7.1
CVE-2025-46508 - WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through <= 1.6.0.
7.1
CVE-2025-46506 - WordPress WpZon β Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon β Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon β Amazon Affiliate Plugin: from n/a through <= 1.3.
7.1
CVE-2025-46504 - WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5.
7.1
CVE-2025-46502 - WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields allows Cross Site Request Forgery.This issue affects LSD Custom taxonomy and category meta: from n/a throuβ¦
7.1
CVE-2025-46499 - WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout paypal-express-checkout allows Stored XSS.This issue affects PayPal Express Checkout: from n/a through <= 2.1.2.
7.1
CVE-2025-46497 - WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.
6.5
CVE-2025-46495 - WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS.This issue affects Drop Caps: from n/a through <= 2.1.
7.1
CVE-2025-46492 - WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.
6.5
CVE-2025-46484 - WordPress Image Hover Effects For WPBakery Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer allows DOM-Based XSS.This issue affects Image Hover Effects For WPBakery Page Builder: from n/a thrβ¦