7.1
CVE-2025-46499 - WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout paypal-express-checkout allows Stored XSS.This issue affects PayPal Express Checkout: from n/a through <= 2.1.2.
7.1
CVE-2025-46497 - WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.
6.5
CVE-2025-46495 - WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS.This issue affects Drop Caps: from n/a through <= 2.1.
7.1
CVE-2025-46492 - WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.
6.5
CVE-2025-46484 - WordPress Image Hover Effects For WPBakery Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer allows DOM-Based XSS.This issue affects Image Hover Effects For WPBakery Page Builder: from n/a thrβ¦
6.5
CVE-2025-46480 - WordPress Nepali Post Date plugin <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date nepali-post-date allows Stored XSS.This issue affects Nepali Post Date: from n/a through <= 5.1.1.
7.1
CVE-2025-46478 - WordPress Dropdown Content plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content dropdown-content allows Stored XSS.This issue affects Dropdown Content: from n/a through <= 1.0.2.
6.5
CVE-2025-46476 - WordPress Awesome Wp Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Awesome Wp Image Gallery awesome-wp-image-gallery allows Stored XSS.This issue affects Awesome Wp Image Gallery: from n/a through <= 1.0.
6.5
CVE-2025-46472 - WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through <= 2.1.6.
4.3
CVE-2025-46470 - WordPress Smart Hashtags [#hashtagger] plugin <= 7.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] hashtagger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Hashtags [#hashtagger]: from n/a through <= 7.2.3.