Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49299 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer Surfer surferseo allows SQL Injection.This issue affects Surfer: from n/a through <= 1.5.0.502.
CVE-2024-49297 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7.
CVE-2024-49293 1 Rextheme 1 Wp Vr 2026-04-23 4.3 Medium
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.4.
CVE-2024-49273 1 Metagauss 1 Profilegrid 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities.This issue affects ProfileGrid : from n/a through <= 5.9.3.
CVE-2024-49271 1 Unlimited-elements 2 Unlimited Elements For Elementor, Unlimited Elements For Elementor \(free Widgets\, Addons\, Templates\) 2026-04-23 9.1 Critical
Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121.
CVE-2024-49256 1 Wpchill 1 Htaccess File Editor 2026-04-23 6.5 Medium
Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through <= 1.0.18.
CVE-2024-49243 2 Jon Vincent Mendoza, Jonvincentmendoza 2 Dynamic Elementor Addons, Dynamic Elementor Addons 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through <= 1.0.0.
CVE-2024-48045 1 Leevio 1 Happy Addons For Elementor 2026-04-23 4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.3.
CVE-2024-48044 1 Shortpixel 1 Image Optimizer 2026-04-23 5.4 Medium
Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.
CVE-2024-48043 1 Shortpixel 1 Shortpixel Image Optimizer 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.
CVE-2024-48042 1 Supsystic 1 Contact Form 2026-04-23 9.1 Critical
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28.
CVE-2024-48040 1 Tainacan 1 Tainacan 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0.21.8.
CVE-2024-48039 1 Cubewp 1 Cubewp 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP: from n/a through <= 1.1.15.
CVE-2024-48020 1 Revmakx 1 Backup And Staging By Wp Time Capsule 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21.
CVE-2024-47362 1 Wpchill 1 Strong Testimonials 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonials: from n/a through <= 3.1.16.
CVE-2024-47361 1 Webtechstreet 1 Elementor Addon Elements 2026-04-23 6.5 Medium
Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.6.
CVE-2024-47358 1 Code-atlantic 1 Popup Maker 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Daniel Iser Popup Maker popup-maker.This issue affects Popup Maker: from n/a through <= 1.19.2.
CVE-2024-47350 1 Yithemes 1 Yith Woocommerce Ajax Search 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through <= 2.8.0.
CVE-2024-47338 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal WPExperts Square For GiveWP wpexperts-square-for-give allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through <= 1.3.
CVE-2024-47337 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Phillip Dane Joy Of Text Lite joy-of-text.This issue affects Joy Of Text Lite: from n/a through <= 2.3.1.