| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4314 | The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2026-03-22 03:26:34 | Deep Dive |
| CVE-2025-4963 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.4 | 2025-05-28 09:22:14 | Deep Dive |
| CVE-2024-13554 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.3 | 2025-02-12 03:21:37 | Deep Dive |
| CVE-2024-13184 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 7.5 | 2025-01-18 08:26:39 | Deep Dive |
| CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 7.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-9347 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-10-17 03:32:50 | Deep Dive |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.4 | 2024-09-04 06:49:06 | Deep Dive |
| CVE-2024-8123 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.4 | 2024-09-04 06:49:06 | Deep Dive |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2024-09-04 06:49:05 | Deep Dive |
| CVE-2024-8106 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.5 | 2024-09-04 06:49:05 | Deep Dive |
| CVE-2024-8119 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-09-04 06:49:04 | Deep Dive |
| CVE-2024-8104 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2024-09-04 06:49:03 | Deep Dive |
| CVE-2024-8117 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-09-04 06:49:02 | Deep Dive |