CVE-2025-4963

The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVE-2025-4963 WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVE-2025-4963 WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVE-2025-4963

The CVE-2025-4963 entry describes a Stored Cross-Site Scripting (XS S) vulnerability in the WordPress WP Extended plugin. Affected software: WP Extended plugin for WordPress (versions up to and including 3.0.15). Root cause: insufficient input sanitization and output escaping for SVG file uploads...

CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...

CVE-2025-30796

CVE-2025-30796 in The Ultimate WordPress Toolkit – WP Extended (up to 3.0.14) is a reflected XSS vulnerability caused by improper neutralization of input during web page generation. The CVSS‑3.1 base score is 7.1 (HIGH) with NETWORK attack vector, LOW confidentiality/integrity/availability impact...

CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...

CVE-2024-13554

CVE-2024-13554 affects The Ultimate WordPress Toolkit – WP Extended

CVE-2024-13554 The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorderroute function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder pos...

PT-2024-38804 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive...