CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS

Exploits0References1

Nuclei•added 9 hours ago•5 views

WP Extended < 3.0.0 - Stored Cross-Site Scripting

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS5.5AI score0.11677EPSS

Exploits0References4

Cvelist•added 10 hours ago•7 views

CVE-2026-47365

9.9CVSS

Exploits0References1

EUVD•added 10 hours ago•8 views

EUVD-2026-36376

9.9CVSS5.9AI score

Exploits0References1

CVE•added 10 hours ago•13 views

CVE-2026-47365

CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...

9.9CVSS5.9AI score

Exploits0References1

Positive Technologies•added yesterday•5 views

PT-2026-48699

Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.11.0 Description An argument injection issue exists in the software as used in cPanel & WHM. This allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI...

9.9CVSS5.8AI score

Exploits0References3

EUVD•added 2026/03/22 6:30 a.m.•2 views

EUVD-2026-14275

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

8.8CVSS5.9AI score0.0006EPSS

Exploits0References5

CVE•added 2026/03/22 3:26 a.m.•8 views

CVE-2026-4314

The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...

8.8CVSS5.9AI score0.0006EPSS

Exploits0References4

CNNVD•added 2026/03/22 12:0 a.m.•4 views

WordPress plugin The Ultimate WordPress Toolkit – WP Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.0006EPSS

Exploits0References4

RedhatCVE•added 2026/01/23 12:26 a.m.•10 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

8.8CVSS5.4AI score0.00036EPSS

Exploits0References1

NVD•added 2026/01/22 7:15 p.m.•3 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

8.8CVSS0.00036EPSS

Exploits0References1

ATTACKERKB•added 2026/01/22 12:0 a.m.•4 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

8.8CVSS5.3AI score0.00036EPSS

Exploits0References2

Cvelist•added 2026/01/22 12:0 a.m.•16 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

0.00036EPSS

Exploits0References1

Positive Technologies•added 2026/01/22 12:0 a.m.•5 views

PT-2026-4274

Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.9.1 Description A flaw exists in WordPress directory names within WebPros WordPress Toolkit that can lead to privilege escalation. The issue involves manipulation of directory names. Recommendations Update...

8.8CVSS5.2AI score0.00036EPSS

Exploits0References5

Vulnrichment•added 2026/01/22 12:0 a.m.•1 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

5.4AI score0.00036EPSS

Exploits0References1

CVE•added 2026/01/22 12:0 a.m.•17 views

CVE-2025-66428

Summary: CVE-2025-66428 affects WebPros WordPress Toolkit prior to 6.9.1. The flaw arises from manipulation of WordPress directory names, enabling privilege escalation. The reported impact is high (CVSS v3.1: 8.8; network attack, low complexity, user interaction none; privileges required low). Re...

8.8CVSS5.4AI score0.00036EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-48951

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00114EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-48949

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.02325EPSS

Exploits0References3