Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpextended — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting wpextended. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wpextended:The Ultimate WordPress Toolkit – WP Extended
CVE IDTitleCVSSSeverityPublished
CVE-2026-4314 The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module — The Ultimate WordPress Toolkit – WP ExtendedCWE-269 8.8 High2026-03-22
CVE-2025-4963 WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.4 Medium2025-05-28
CVE-2024-13554 The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation — The Ultimate WordPress Toolkit – WP ExtendedCWE-862 5.3 Medium2025-02-12
CVE-2024-13184 The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module — The Ultimate WordPress Toolkit – WP ExtendedCWE-89 7.5 High2025-01-18
CVE-2024-11916 The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — The Ultimate WordPress Toolkit – WP ExtendedCWE-862 7.4 High2025-01-08
CVE-2024-11816 The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution — The Ultimate WordPress Toolkit – WP ExtendedCWE-862 8.8 High2025-01-08
CVE-2024-9347 The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-10-17
CVE-2024-8121 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change — The Ultimate WordPress Toolkit – WP ExtendedCWE-862 5.4 Medium2024-09-04
CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference — The Ultimate WordPress Toolkit – WP ExtendedCWE-639 5.4 Medium2024-09-04
CVE-2024-8102 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update — The Ultimate WordPress Toolkit – WP ExtendedCWE-862 8.8 High2024-09-04
CVE-2024-8106 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure — The Ultimate WordPress Toolkit – WP ExtendedCWE-200 6.5 Medium2024-09-04
CVE-2024-8119 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04
CVE-2024-8104 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download — The Ultimate WordPress Toolkit – WP ExtendedCWE-22 8.8 High2024-09-04
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04

This page lists every published CVE security advisory associated with wpextended. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.