The Ultimate WordPress Toolkit – WP Extended
WP Extended
Developer
3.2.6
Latest version
600
Installations
No date
Last updated
Vulnerability history
0 present
16 patched
13 Mitigation rules
- WordPress The Ultimate WordPress Toolkit - WP Extended plugin <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module vulnerability<= 3.2.424/03/2026
- Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 3.0.1527/05/2025
- Cross Site Scripting (XSS) vulnerability<= 3.0.1427/03/2025
- Missing Authorization to Unauthenticated Post Order Manipulation vulnerability<= 3.0.1311/02/2025
- Unauthenticated SQL Injection via Login Attempts Module vulnerability<= 3.0.1217/01/2025
- Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability<= 3.0.1107/01/2025
- Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 3.0.1107/01/2025
- Reflected Cross-Site Scripting vulnerability<= 3.0.916/10/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.0.830/09/2024
- Reflected Cross-Site Scripting via page vulnerability<= 3.0.804/09/2024
- Authenticated (Subscriber+) Sensitive Information Exposure vulnerability<= 3.0.804/09/2024
- Authenticated (Subscriber+) Arbitrary Options Update vulnerability<= 3.0.804/09/2024
- Insecure Direct Object Reference vulnerability<= 3.0.804/09/2024
- Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download vulnerability<= 3.0.804/09/2024
- Missing Authorization to Admin Username Change vulnerability<= 3.0.804/09/2024
- Cross Site Scripting (XSS) vulnerability<= 2.4.727/06/2024