Export limit exceeded: 346260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49693 | 1 Kraftplugins | 1 Mega Elements | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through <= 1.2.6. | ||||
| CVE-2024-49692 | 1 Affiliatexblocks | 1 Affiliatex | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through <= 1.2.9. | ||||
| CVE-2024-49691 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection.This issue affects Product Filter by WBW: from n/a through <= 2.7.0. | ||||
| CVE-2024-49690 | 1 Qodeinteractive | 1 Qi Blocks | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.2. | ||||
| CVE-2024-49689 | 2026-04-23 | 5.4 Medium | ||
| Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light hd-quiz-save-results-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through <= 0.5. | ||||
| CVE-2024-49688 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through <= 4.1.3. | ||||
| CVE-2024-49687 | 2 Storeapps, Wordpress | 2 Smart Manager, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0. | ||||
| CVE-2024-49686 | 2026-04-23 | 5.4 Medium | ||
| Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat.This issue affects Landing Page Cat: from n/a through <= 1.7.4. | ||||
| CVE-2024-49685 | 1 Smashballoon | 1 Custom Twitter Feeds | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through <= 2.2.3. | ||||
| CVE-2024-49684 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21. | ||||
| CVE-2024-49683 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through <= 1.3.5. | ||||
| CVE-2024-49682 | 1 Simple-membership-plugin | 1 Simple Membership | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3. | ||||
| CVE-2024-49681 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9. | ||||
| CVE-2024-49680 | 2 Rextheme, Wordpress | 2 Wp Vr, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.5. | ||||
| CVE-2024-49679 | 1 Wpkoi | 1 Wpkoi Templates For Elementor | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.1.0. | ||||
| CVE-2024-49678 | 2 Jinwen, Wordpress | 2 Js Paper, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jinwen js paper js-paper allows Reflected XSS.This issue affects js paper: from n/a through <= 2.5.7. | ||||
| CVE-2024-49677 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons bootstrap-buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through <= 1.2. | ||||
| CVE-2024-49676 | 2026-04-23 | 6.6 Medium | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor custom-icons-for-elementor allows Upload a Web Shell to a Web Server.This issue affects Custom Icons for Elementor: from n/a through <= 0.3.3. | ||||
| CVE-2024-49675 | 1 Vitaliibryl | 1 Switch User | 2026-04-23 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through <= 1.0.1. | ||||
| CVE-2024-49674 | 1 Lukas Huser | 1 Ekc Tournament Manager | 2026-04-23 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1. | ||||