Wpextended The Ultimate Wordpress Toolkit – Wp Extended
14 CVEs affecting Wpextended The Ultimate Wordpress Toolkit – Wp Extended. Latest disclosed: 2026-03-22. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4314 | High | 8.8 | 2026-03-22 | The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This… |
CVE-2024-11816 | High | 8.8 | 2025-01-08 | The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability… |
CVE-2024-8102 | High | 8.8 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation… |
CVE-2024-8104 | High | 8.8 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the… |
CVE-2024-13184 | High | 7.5 | 2025-01-18 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions u… |
CVE-2024-11916 | High | 7.4 | 2025-01-08 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capabil… |
CVE-2024-8106 | Medium | 6.5 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0… |
CVE-2025-4963 | Medium | 6.4 | 2025-05-28 | The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insu… |
CVE-2024-9347 | Medium | 6.1 | 2024-10-17 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all v… |
CVE-2024-8119 | Medium | 6.1 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up… |
CVE-2024-8117 | Medium | 6.1 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in al… |
CVE-2024-8121 | Medium | 5.4 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability chec… |
CVE-2024-8123 | Medium | 5.4 | 2024-09-04 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3… |
CVE-2024-13554 | Medium | 5.3 | 2025-02-12 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on t… |