Vulnerabilities > Wpextended

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-8102 Missing Authorization vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8.
network
low complexity
wpextended CWE-862
8.8
2024-09-04 CVE-2024-8104 Path Traversal vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function.
network
low complexity
wpextended CWE-22
6.5
2024-09-04 CVE-2024-8106 Unspecified vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function.
network
low complexity
wpextended
6.5
2024-09-04 CVE-2024-8117 Cross-site Scripting vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.
network
low complexity
wpextended CWE-79
6.1
2024-09-04 CVE-2024-8119 Cross-site Scripting vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.
network
low complexity
wpextended CWE-79
6.1
2024-09-04 CVE-2024-8121 Missing Authorization vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8.
network
low complexity
wpextended CWE-862
4.3
2024-09-04 CVE-2024-8123 Authorization Bypass Through User-Controlled Key vulnerability in Wpextended WP Extended
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key.
network
low complexity
wpextended CWE-639
5.4
2024-07-22 CVE-2024-37259 Unspecified vulnerability in Wpextended WP Extended
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.
network
low complexity
wpextended
6.1