86 matches found
WP Extended < 3.0.0 - Stored Cross-Site Scripting
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
EUVD-2026-14275
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] to...
CVE-2026-4314
The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...
WordPress plugin The Ultimate WordPress Toolkit – WP Extended security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-66428
An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...
PT-2026-4274
Name of the Vulnerable Software and Affected Versions: WordPress Toolkit versions prior to 6.9.1. Description: A flaw exists in WordPress directory names within WebPros WordPress Toolkit that can lead to privilege escalation. The issue involves manipulation of directory names. Recommendations: Update...
CVE-2025-66428
Summary: CVE-2025-66428 affects WebPros WordPress Toolkit prior to 6.9.1. The flaw arises from manipulation of WordPress directory names, enabling privilege escalation. The reported impact is high (CVSS v3.1: 8.8; network attack, low complexity, user interaction none; privileges required low). Re...
EUVD-2024-48951
Malicious code in bioql PyPI...
EUVD-2024-34339
Malicious code in bioql PyPI...
EUVD-2024-48949
Malicious code in bioql PyPI...
EUVD-2024-51671
Malicious code in bioql PyPI...
EUVD-2024-42422
Malicious code in bioql PyPI...
EUVD-2024-48942
Malicious code in bioql PyPI...
EUVD-2024-49873
Malicious code in bioql PyPI...
EUVD-2024-48940
Malicious code in bioql PyPI...
EUVD-2025-9089
Malicious code in bioql PyPI...