7.1
CVE-2025-46251 - WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnβ¦
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery.This issue affects VikRestaurants: from n/a through <= 1.3.3.
5.9
CVE-2025-46250 - WordPress VForm plugin <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Stored XSS.This issue affects VPSUForm: from n/a through <= 3.1.14.
4.3
CVE-2025-46249 - WordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.4.
5.3
CVE-2025-46247 - WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
4.3
CVE-2025-46246 - WordPress CM Answers plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request Forgery.This issue affects CM Answers: from n/a through <= 3.3.3.
4.3
CVE-2025-46245 - WordPress CM Ad Changer plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery.This issue affects CM Ad Changer: from n/a through <= 2.0.5.
5.3
CVE-2025-46244 - WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerβ¦
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.
4.3
CVE-2025-46243 - WordPress Recover abandoned cart for WooCommerce plugin <= 2.2 - Cross Site Request Forgery (CSRF) β¦
Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows Cross Site Request Forgery.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.2.
7.6
CVE-2025-46242 - WordPress Watu Quiz plugin <= 3.4.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.3.
8.2
CVE-2025-46241 - WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.