18 matches found
EUVD-2026-14275
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] to...
CVE-2026-4314
The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...
PT-2025-14047 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 3.0.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
WordPress plugin The Ultimate WordPress Toolkit – WP Extended cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPre...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.14...
PT-2025-6429 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.13 Description: The issue is related to a missing capability check on the reorder route function, allowing unauthenticated attackers to modif...
WordPress plugin Ultimate WordPress Toolkit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation vulnerability
Missing Authorization to Unauthenticated Post Order Manipulation vulnerability discovered by incognito in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.13...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module vulnerability
Unauthenticated SQL Injection via Login Attempts Module vulnerability discovered by WordFence in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.12...
PT-2025-1714 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.11 Description: The issue is related to a missing capability check on several functions, allowing authenticated attackers with subscriber-lev...
WordPress The Ultimate WordPress Toolkit plugin <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability discovered by stealthcopter in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.11...
WordPress plugin The Ultimate WordPress Toolkit – WP Extended cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin The Ultimate WordPress Toolkit - WP...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.9 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.9...
CVE-2024-8106
CVE-2024-8106 : The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to a Sensitive Information Exposure flaw via the download_user_ajax function in all versions up to and including 3.0.8. Authenticated attackers with Subscriber+ access can exfiltrate sensitive data suc...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...
PT-2024-38813 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.8 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to change an admin's username to a username of their...
CVE-2024-37259
CVE-2024-37259 affects The Ultimate WordPress Toolkit – WP Extended (WP Extended) plugin. Public sources describe Cross-Site Scripting (XSS) in WP Extended up to version 2.4.7, with varying classifications across sources: the NVD entry cites Reflected XSS, while other connected templates discuss ...
PT-2024-27423 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS...