3.7
CVE-2024-30114 - HCL Leap is affected by a cross-site scripting (XSS) vulnerability
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
6.5
CVE-2024-30147 - HCL Leap is affected by a cross-site scripting (XSS) vulnerability
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
4.1
CVE-2024-30148 - HCL Leap is affected by improper access control
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
5.4
CVE-2025-46498 - WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.
7.2
CVE-2025-46473 - WordPress Social Counter <= 2.0.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection. This issue affects Social Counter: from n/a through 2.0.5.
5.9
CVE-2025-46523 - WordPress COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Cross Site Scripting (XSS) Vulner…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers allows Stored XSS. This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through 1.5.1.
7.1
CVE-2025-46507 - WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulner…
Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.
7.2
CVE-2025-46481 - WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3.
6.5
CVE-2025-46447 - WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.
4.9
CVE-2025-46531 - WordPress WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Server Side Request Forgery (SSR…
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4.