What is CVE-2022-46849?

It's an SQL injection vuln in the Weblizar Coming Soon Page WordPress plugin, letting attackers run arbitrary SQL without auth, affecting versions through 1.5.9.

Does CVE-2022-46849 affect my WordPress site?

Yes, if you have the Coming Soon Page plugin active and unpatched (pre-1.5.10). Check plugins list and update now.

How to fix CVE-2022-46849 SQL injection?

Update the plugin to latest version via WordPress dashboard, or deactivate/remove it. Add a WAF for extra protection.

🕳️ Vulnerabilities & CVEs

CVE-2022-46849: The SQL Injection Lurking in Your WordPress 'Coming Soon' Page

Picture this: your site's in 'coming soon' mode, looking all sleek and professional, while hackers siphon your database dry. That's CVE-2022-46849 in action, folks—a classic SQL injection slip-up in a WordPress plugin nobody thinks twice about.

theAIcatchup Apr 08, 2026 4 min read

Warning icon over WordPress dashboard showing Coming Soon Page plugin SQL injection vulnerability CVE-2022-46849

⚡ Key Takeaways

CVE-2022-46849 enables unauthenticated SQL injection in Weblizar's Coming Soon Page plugin up to v1.5.9. 𝕏
Over 10k installs at risk—update immediately or switch plugins. 𝕏
Recurring issue in WP ecosystem highlights need for better audits amid sloppy dev practices. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#CVE-2022-46849 #Coming Soon Plugin #SQL injection #Weblizar #WordPress Vulnerability #WordPress plugin

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by NVD Vulnerabilities

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

CVE-2022-46818: SQL Injection Lets Attackers Raid WordPress Subscriber Lists

CVE-2022-46860: SQL Injection Lets Hackers Hijack WordPress Short URLs

CVE-2022-46808: The SQL Injection Lurking in ARMember's Membership Plugin

Slimstat's SQL Injection Nightmare: CVE-2022-45373 Cracks Open Analytics Doors

Stay in the loop