Lucene search
K

92 matches found

Cvelist
Cvelist
added 2024/09/04 6:49 a.m.27 views

CVE-2024-8104 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the downloadfileajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of...

8.8CVSS0.00957EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/04 3:58 a.m.5 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Reflected Cross-Site Scripting via page vulnerability

Reflected Cross-Site Scripting via page vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...

6.1CVSS6.3AI score0.00401EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/04 3:56 a.m.4 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...

6.5CVSS6.9AI score0.00461EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/04 3:49 a.m.5 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...

5.4CVSS7AI score0.00309EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/04 3:20 a.m.6 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Missing Authorization to Admin Username Change vulnerability

Missing Authorization to Admin Username Change vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...

5.4CVSS7AI score0.00323EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-38810 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Reflected Cross-Site Scripting via the selected option parameter due to insufficient input sanitizatio...

6.1CVSS6.8AI score0.00401EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/09/04 12:0 a.m.14 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...

8.8CVSS9.3AI score0.00957EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.6 views

PT-2024-38813 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.8 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to change an admin's username to a username of their...

5.4CVSS7.1AI score0.00323EPSS
Exploits0References10
OSV
OSV
added 2024/07/22 9:15 a.m.3 views

CVE-2024-37259

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7...

6.1CVSS5.8AI score0.0063EPSS
Exploits0References1
CVE
CVE
added 2024/07/22 9:4 a.m.53 views

CVE-2024-37259

CVE-2024-37259 affects The Ultimate WordPress Toolkit – WP Extended (WP Extended) plugin. Public sources describe Cross-Site Scripting (XSS) in WP Extended up to version 2.4.7, with varying classifications across sources: the NVD entry cites Reflected XSS, while other connected templates discuss ...

7.1CVSS5.9AI score0.0063EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.4 views

PT-2024-27423 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS...

7.1CVSS6.7AI score0.0063EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/06/27 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-37259

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 2.4.7...

6.1CVSS5.8AI score0.0063EPSS
Exploits0References1
Rows per page
Query Builder