5.4
CVE-2025-46238 - WordPress List Last Changes plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes list-last-changes allows Stored XSS.This issue affects List Last Changes: from n/a through <= 1.2.1.
5.4
CVE-2025-46237 - WordPress Link Library plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Stored XSS.This issue affects Link Library: from n/a through <= 7.8.
5.4
CVE-2025-46236 - WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.2.
5.4
CVE-2025-46235 - WordPress SKT Blocks โ Gutenberg based Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) Vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through <= 2.0.
5.4
CVE-2025-46233 - WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv sirv allows Stored XSS.This issue affects Sirv: from n/a through <= 7.5.3.
8.8
CVE-2025-46232 - WordPress Download Alt Text AI plugin <= 1.9.93 - Broken Access Control Vulnerability
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.
8.8
CVE-2025-46231 - WordPress affiliate-toolkit plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery.This issue affects affiliate-toolkit: from n/a through <= 3.7.3.
4.8
CVE-2025-46229 - WordPress Textmetrics plugin <= 3.6.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics webtexttool allows Stored XSS.This issue affects Textmetrics: from n/a through <= 3.6.2.
5.4
CVE-2025-46228 - WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows DOM-Based XSS.This issue affects Event post: from n/a through <= 5.9.11.
5.4
CVE-2025-46227 - WordPress Custom Related Posts plugin <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Related Posts: from n/a through <= 1.7.4.