92 matches found
CVE-2024-8104 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the downloadfileajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Reflected Cross-Site Scripting via page vulnerability
Reflected Cross-Site Scripting via page vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Missing Authorization to Admin Username Change vulnerability
Missing Authorization to Admin Username Change vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
PT-2024-38810 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Reflected Cross-Site Scripting via the selected option parameter due to insufficient input sanitizatio...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...
PT-2024-38813 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.8 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to change an admin's username to a username of their...
CVE-2024-37259
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7...
CVE-2024-37259
CVE-2024-37259 affects The Ultimate WordPress Toolkit – WP Extended (WP Extended) plugin. Public sources describe Cross-Site Scripting (XSS) in WP Extended up to version 2.4.7, with varying classifications across sources: the NVD entry cites Reflected XSS, while other connected templates discuss ...
PT-2024-27423 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS...
VulnCheck KEV: CVE-2024-37259
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 2.4.7...