CVE-2025-30796
- EPSS 0.03%
- Veröffentlicht 01.04.2025 06:15:51
- Zuletzt bearbeitet 01.04.2025 20:26:11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from...
CVE-2024-13184
- EPSS 0.58%
- Veröffentlicht 18.01.2025 09:15:06
- Zuletzt bearbeitet 18.01.2025 09:15:06
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and...
CVE-2024-11816
- EPSS 3.71%
- Veröffentlicht 08.01.2025 04:15:06
- Zuletzt bearbeitet 17.01.2025 21:00:00
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authentica...