7.1
CVE-2025-46448 - WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System dms allows Reflected XSS.This issue affects Document Management System: from n/a through <= 1.24.
7.5
CVE-2025-46454 - WordPress Meta Keywords & Description plugin <= 0.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through <= 0.8.
9.3
CVE-2025-46455 - WordPress WP HRM LITE plugin <= 1.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1.
7.1
CVE-2025-46456 - WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sliders: from n/a through <= 1.2.5.
8.2
CVE-2025-46458 - WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows SQL Injection.This issue affects occupancyplan: from n/a through <= 1.0.3.0.
9.3
CVE-2025-46460 - WordPress Easy Guide plugin <= 1.0.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide wp-easy-guide allows SQL Injection.This issue affects Easy Guide: from n/a through <= 1.0.0.
8.5
CVE-2025-46463 - WordPress Mailing Group Listserv plugin <= 3.0.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 3.0.4.
9.8
CVE-2025-46468 - WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through <= 1.0.6.
8.1
CVE-2025-46474 - WordPress SEUR Oficial plugin <= 2.2.23 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through <= 2.2.23.
4.9
CVE-2025-46486 - WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.7.