Analysis Summary

CVE-2025-46507 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.

CVE-2025-46442 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.

CVE-2025-46528 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.

Impact

• Gain Access
• Cross-site Scripting

Indicators of Compromise

CVE

• CVE-2025-46507

• CVE-2025-46442

• CVE-2025-46528

Affected Vendors

Remediation

Upgrade to the latest version for WordPress, available from the WordPress Plugin Directory.

CVE-2025-46507

CVE-2025-46442

CVE-2025-46528