CVE-2026-4314

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

CVE-2024-47386

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.8...

CVE-2024-37259

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 2.4.7...

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...

PT-2024-38805 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including usernames...