
22 matches found

RedhatCVE
added 2026/03/26 2:58 p.m. · 0 views

CVE-2026-4314

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] to...

8.8 CVSS · 5.9 AI score · 0.0006 EPSS
Exploits: 0 · References: 1
ATTACKERKB
added 2026/03/22 3:26 a.m. · 1 view

CVE-2026-4314

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] to...

8.8 CVSS · 5.9 AI score · 0.0006 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2026/03/22 12:0 a.m. · 3 views

PT-2026-26965

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] t...

8.8 CVSS · 5.9 AI score · 0.0006 EPSS
Exploits: 0 · References: 5
Patchstack
added 2025/12/08 7:56 a.m. · 5 views

WordPress Starter Templates plugin <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Starter Templates versions <= 4.4.41...

8.8 CVSS · 6.8 AI score · 0.00091 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/05/28 12:0 a.m. · 1 view

WordPress plugin WP Extended cross-site scripting vulnerability

WordPress WP Extended plugin is a powerful WordPress plugin designed to extend the core WordPress functionality with all the essential tools needed to manage a professional WordPress website. WordPress WP Extended plugin suffers from a cross-site scripting vulnerability that stems from the...

6.4 CVSS · 5.9 AI score · 0.00132 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-14047 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 3.0.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...

7.1 CVSS · 9.4 AI score · 0.00669 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/12 12:0 a.m. · 2 views

PT-2025-6429 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.13 Description: The issue is related to a missing capability check on the reorder route function, allowing unauthenticated attackers to modif...

5.3 CVSS · 9.5 AI score · 0.00265 EPSS
Exploits: 0 · References: 8
Patchstack
added 2025/02/11 10:6 p.m. · 2 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation vulnerability

Missing Authorization to Unauthenticated Post Order Manipulation vulnerability discovered by incognito in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.13...

5.3 CVSS · 7 AI score · 0.00265 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/01/18 12:0 a.m. · 0 views

WordPress plugin WP Extended SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

7.5 CVSS · 8.6 AI score · 0.00945 EPSS
Exploits: 0 · References: 5
OSV
added 2025/01/08 4:15 a.m. · 0 views

CVE-2024-11816

The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpexthandlesnippetupdate' function. This makes it possible for authenticated attackers, with Subscriber-level access and...

8.8 CVSS · 7.5 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2025/01/08 12:0 a.m. · 3 views

PT-2025-1714 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.11 Description: The issue is related to a missing capability check on several functions, allowing authenticated attackers with subscriber-lev...

7.4 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits: 0 · References: 10
CNNVD
added 2025/01/08 12:0 a.m. · 3 views

WordPress plugin WP Extended security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.4 CVSS · 8.1 AI score · 0.00175 EPSS
Exploits: 0 · References: 3
Patchstack
added 2024/10/16 3:57 p.m. · 3 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.9...

6.1 CVSS · 6.3 AI score · 0.02427 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-39583 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.9 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows...

6.1 CVSS · 6.8 AI score · 0.02427 EPSS
Exploits: 1 · References: 8
Patchstack
added 2024/09/04 3:56 a.m. · 2 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...

6.5 CVSS · 6.9 AI score · 0.00634 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/09/04 12:0 a.m. · 1 view

WordPress plugin WP Extended cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.1 CVSS · 6.1 AI score · 0.02325 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/09/04 12:0 a.m. · 1 view

WordPress plugin WP Extended security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/09/04 12:0 a.m. · 0 views

WordPress plugin WP Extended security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.4 CVSS · 6.2 AI score · 0.00114 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/09/04 12:0 a.m. · 3 views

PT-2024-38802 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to unauthorized modification of data that can lead to privilege escalation due to a missing capability...

8.8 CVSS · 7.2 AI score · 0.00278 EPSS
Exploits: 0 · References: 13
Positive Technologies
added 2024/07/22 12:0 a.m. · 3 views

PT-2024-27423 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS...

7.1 CVSS · 6.7 AI score · 0.11677 EPSS
Exploits: 0 · References: 5