wpextended — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting wpextended. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpextended is a WordPress plugin designed to extend functionality through custom post types and advanced content management. Historically, it has been susceptible to multiple security vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The plugin's 14 recorded CVEs highlight recurring issues related to insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched implementations. Site administrators should prioritize timely updates and implement least privilege principles to mitigate exposure to these known weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4314 | The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module | The Ultimate WordPress Toolkit – WP Extended | CWE-269 | 8.8 | High | 2026-03-22 |
| CVE-2025-4963 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | The Ultimate WordPress Toolkit – WP Extended | CWE-79 | 6.4 | Medium | 2025-05-28 |
| CVE-2024-13554 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation | The Ultimate WordPress Toolkit – WP Extended | CWE-862 | 5.3 | Medium | 2025-02-12 |
| CVE-2024-13184 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module | The Ultimate WordPress Toolkit – WP Extended | CWE-89 | 7.5 | High | 2025-01-18 |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | The Ultimate WordPress Toolkit – WP Extended | CWE-862 | 7.4 | High | 2025-01-08 |
| CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution | The Ultimate WordPress Toolkit – WP Extended | CWE-862 | 8.8 | High | 2025-01-08 |
| CVE-2024-9347 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting | The Ultimate WordPress Toolkit – WP Extended | CWE-79 | 6.1 | Medium | 2024-10-17 |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change | The Ultimate WordPress Toolkit – WP Extended | CWE-862 | 5.4 | Medium | 2024-09-04 |
| CVE-2024-8123 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | The Ultimate WordPress Toolkit – WP Extended | CWE-639 | 5.4 | Medium | 2024-09-04 |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update | The Ultimate WordPress Toolkit – WP Extended | CWE-862 | 8.8 | High | 2024-09-04 |
| CVE-2024-8106 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure | The Ultimate WordPress Toolkit – WP Extended | CWE-200 | 6.5 | Medium | 2024-09-04 |
| CVE-2024-8119 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page | The Ultimate WordPress Toolkit – WP Extended | CWE-79 | 6.1 | Medium | 2024-09-04 |
| CVE-2024-8104 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download | The Ultimate WordPress Toolkit – WP Extended | CWE-22 | 8.8 | High | 2024-09-04 |
| CVE-2024-8117 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option | The Ultimate WordPress Toolkit – WP Extended | CWE-79 | 6.1 | Medium | 2024-09-04 |

This page lists every published CVE security advisory associated with wpextended. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.