Browse all 3 CVE security advisories affecting WP Extended. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Extended is a WordPress plugin designed to extend core functionality with features like custom post types and taxonomies. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The plugin has three CVEs on record, with one notable incident involving an authenticated RCE flaw (CVE-2023-6552) that allowed attackers with contributor-level access to execute arbitrary code. Security researchers have identified consistent input validation and sanitization weaknesses across versions, making it a persistent target for exploitation. Despite its utility, the plugin's security track record has raised concerns among WordPress administrators regarding its risk profile.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30796 | WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability — The Ultimate WordPress Toolkit – WP Extended (CWE-79) | 7.1 | High | 2025-04-01 |
| CVE-2024-47386 | WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — The Ultimate WordPress Toolkit – WP Extended (CWE-79) | 7.1 | High | 2024-10-05 |
| CVE-2024-37259 | WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability — The Ultimate WordPress Toolkit – WP Extended (CWE-79) | 7.1 | High | 2024-07-22 |

This page lists every published CVE security advisory associated with WP Extended. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.