Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

The Ultimate WordPress Toolkit – WP Extended — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in The Ultimate WordPress Toolkit – WP Extended, with AI-generated Chinese analysis, references, and POCs.

Vendor: WP Extended

CVE IDTitleCVSSSeverityPublished
CVE-2026-4314 The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module CWE-269 8.8 High2026-03-22
CVE-2025-4963 WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CWE-79 6.4 Medium2025-05-28
CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2025-04-01
CVE-2024-13554 The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation CWE-862 5.3 Medium2025-02-12
CVE-2024-13184 The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module CWE-89 7.5 High2025-01-18
CVE-2024-11816 The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution CWE-862 8.8 High2025-01-08
CVE-2024-11916 The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-862 7.4 High2025-01-08
CVE-2024-9347 The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-10-17
CVE-2024-47386 WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-10-05
CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference CWE-639 5.4 Medium2024-09-04
CVE-2024-8121 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change CWE-862 5.4 Medium2024-09-04
CVE-2024-8106 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure CWE-200 6.5 Medium2024-09-04
CVE-2024-8102 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update CWE-862 8.8 High2024-09-04
CVE-2024-8119 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page CWE-79 6.1 Medium2024-09-04
CVE-2024-8104 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download CWE-22 8.8 High2024-09-04
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option CWE-79 6.1 Medium2024-09-04
CVE-2024-37259 WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-22

All 17 known CVE vulnerabilities affecting The Ultimate WordPress Toolkit – WP Extended with full Chinese analysis, references, and POCs where available.