Total
342050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49329 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2026-04-01 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0. | ||||
| CVE-2024-49328 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2026-04-01 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0. | ||||
| CVE-2024-49327 | 1 Asepbagjapriandana | 1 Woostagram Connect | 2026-04-01 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2. | ||||
| CVE-2024-49326 | 1 Vasiliskerasiotis | 1 Affiliator | 2026-04-01 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3. | ||||
| CVE-2024-49325 | 1 Wpdiscover | 1 Photo Gallery Builder | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in wpdiscover Photo Gallery Builder photo-gallery-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Photo Gallery Builder: from n/a through <= 3.0. | ||||
| CVE-2024-49324 | 1 Sovratec | 2 Case Management, Sovratec Case Management | 2026-04-01 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0. | ||||
| CVE-2024-49323 | 1 Sourav | 1 All In One Slider | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahriar Alam All in One Slider all-in-one-slider allows Reflected XSS.This issue affects All in One Slider: from n/a through <= 1.1. | ||||
| CVE-2024-49322 | 1 Codepassenger | 1 Job Board Manager For Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through <= 1.0. | ||||
| CVE-2024-49321 | 1 Colorlib | 1 Simple Custom Post Order | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through <= 2.5.7. | ||||
| CVE-2024-49320 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dennis Encyclopedia / Glossary / Wiki encyclopedia-lexicon-glossary-wiki-dictionary allows Reflected XSS.This issue affects Encyclopedia / Glossary / Wiki: from n/a through <= 1.7.60. | ||||
| CVE-2024-49319 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor awesome-contact-form7-for-elementor.This issue affects Awesome Contact Form7 for Elementor: from n/a through <= 3.0. | ||||
| CVE-2024-49318 | 1 Olsonsp4c | 1 My Reading Library | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0. | ||||
| CVE-2024-49317 | 1 Zipang | 1 Point Maker | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through <= 0.1.4. | ||||
| CVE-2024-49315 | 1 Codeflock | 1 Free Download Manager | 2026-04-01 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through <= 1.0.0. | ||||
| CVE-2024-49314 | 1 Zhuige | 1 Jiangqie Free Mini Program | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2. | ||||
| CVE-2024-49313 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in rudestan VKontakte Wall Post vkontakte-wall-post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through <= 2.0. | ||||
| CVE-2024-49312 | 1 Edwiser | 1 Bridge | 2026-04-01 | 8.6 High |
| Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7. | ||||
| CVE-2024-49311 | 1 Edwiser | 1 Bridge | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.7. | ||||
| CVE-2024-49310 | 2 Themesflat, Wordpress | 2 Themesflat Addons For Elementor, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.2.0. | ||||
| CVE-2024-49309 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omarfolghe Digitally digitally allows Reflected XSS.This issue affects Digitally: from n/a through <= 1.0.8. | ||||