7.1
CVE-2025-46449 - WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips wowhead-tooltips allows Stored XSS.This issue affects WoWHead Tooltips: from n/a through <= 2.0.1.
6.5
CVE-2025-46445 - WordPress External Markdown plugin <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown external-markdown allows Stored XSS.This issue affects External Markdown: from n/a through <= 0.0.1.
6.5
CVE-2025-46438 - WordPress GTDB Guitar Tuners plugin <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners guitar-tuner allows Stored XSS.This issue affects GTDB Guitar Tuners: from n/a through <= 4.2.2.
6.5
CVE-2025-46542 - WordPress Xpert Tab plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab xpert-tab allows Stored XSS.This issue affects Xpert Tab: from n/a through <= 1.3.
6.5
CVE-2025-46540 - WordPress GNA Search Shortcode plugin <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Search Shortcode: from n/a through <= 0.9.5.
6.5
CVE-2025-46538 - WordPress Inline Text Popup plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup inline-text-popup allows DOM-Based XSS.This issue affects Inline Text Popup: from n/a through <= 1.0.0.
6.5
CVE-2025-46536 - WordPress Carousel-of-post-images plugin <= 1.07 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through <= 1.07.
6.5
CVE-2025-46534 - WordPress Image Style Hover plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover image-content-show-hover allows DOM-Based XSS.This issue affects Image Style Hover: from n/a through <= 1.0.6.
6.5
CVE-2025-46532 - WordPress Tooltip plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip wp-tooltip allows DOM-Based XSS.This issue affects Tooltip: from n/a through <= 1.0.1.
7.1
CVE-2025-46530 - WordPress Hacklog Remote Attachment plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS.This issue affects Hacklog Remote Attachment: from n/a through <= 1.3.2.