Vulnerabilites related to wpextended - wp_extended
cve-2024-8106
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 14:13
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8106", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T14:12:49.891933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T14:13:01.800Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:04.798Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/593eb5bc-59f9-4944-b147-4ba66d49abe6?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_export_users/wpext_export_users.php#L54", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-22T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8106", datePublished: "2024-09-04T06:49:04.798Z", dateReserved: "2024-08-22T20:02:27.093Z", dateUpdated: "2024-09-04T14:13:01.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8117
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 13:17
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8117", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T13:10:26.295478Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T13:17:08.733Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:02.171Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L293", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-23T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8117", datePublished: "2024-09-04T06:49:02.171Z", dateReserved: "2024-08-23T13:03:33.517Z", dateUpdated: "2024-09-04T13:17:08.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8102
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 14:12
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wp_extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8102", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T14:10:34.824773Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T14:12:32.142Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:05.286Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/admin/class-wp-extended-admin.php#L262", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-22T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8102", datePublished: "2024-09-04T06:49:05.286Z", dateReserved: "2024-08-22T19:05:40.786Z", dateUpdated: "2024-09-04T14:12:32.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8123
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 13:16
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8123", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T13:10:10.677145Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T13:16:50.056Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:05.845Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e421fb-4839-4e2d-911f-e2fa8c756744?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_duplicator/wpext_duplicator.php#L48", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-23T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8123", datePublished: "2024-09-04T06:49:05.845Z", dateReserved: "2024-08-23T14:53:53.637Z", dateUpdated: "2024-09-04T13:16:50.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8104
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 14:14
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wp_extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8104", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T14:13:52.316142Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T14:14:30.782Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:03.122Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/libraries/wpext_export/wpext_export.php#L137", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-22T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8104", datePublished: "2024-09-04T06:49:03.122Z", dateReserved: "2024-08-22T19:49:55.798Z", dateUpdated: "2024-09-04T14:14:30.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8119
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 14:13
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8119", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T14:13:24.093670Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T14:13:32.907Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:04.130Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/50798706-ad0d-431e-ac5f-57a0606c6f94?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wp-extend-module-listing.php#L216", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-23T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8119", datePublished: "2024-09-04T06:49:04.130Z", dateReserved: "2024-08-23T14:14:08.826Z", dateUpdated: "2024-09-04T14:13:32.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37259
Vulnerability from cvelistv5
Published
2024-07-22 09:04
Modified
2024-08-02 03:50
Severity ?
EPSS score ?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WP Extended | The Ultimate WordPress Toolkit – WP Extended |
Version: n/a < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37259", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-22T19:12:50.730250Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-22T19:14:43.615Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/wpextended/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "wpextended", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "WP Extended", versions: [ { changes: [ { at: "3.0.0", status: "unaffected", }, ], lessThanOrEqual: "2.4.7", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Yudistira Arya (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.<p>This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.</p>", }, ], value: "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.", }, ], impacts: [ { capecId: "CAPEC-591", descriptions: [ { lang: "en", value: "CAPEC-591 Reflected XSS", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-22T09:04:54.245Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/wpextended/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.0.0 or a higher version.", }, ], value: "Update to 3.0.0 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-37259", datePublished: "2024-07-22T09:04:54.245Z", dateReserved: "2024-06-04T16:46:57.740Z", dateUpdated: "2024-08-02T03:50:56.077Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8121
Vulnerability from cvelistv5
Published
2024-09-04 06:49
Modified
2024-09-04 13:16
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.8 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T13:09:51.213624Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T13:16:31.851Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.8", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Marco Wotschka", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T06:49:06.414Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d08ac9-22f7-45f4-9896-05b90f5fce64?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_block_user_name_admin/wpext_block_user_name_admin.php#L49", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-08-23T00:00:00.000+00:00", value: "Discovered", }, { lang: "en", time: "2024-09-03T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-8121", datePublished: "2024-09-04T06:49:06.414Z", dateReserved: "2024-08-23T14:40:34.473Z", dateUpdated: "2024-09-04T13:16:31.851Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-13554
Vulnerability from cvelistv5
Published
2025-02-12 03:21
Modified
2025-02-12 15:16
Severity ?
EPSS score ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpextended | The Ultimate WordPress Toolkit – WP Extended |
Version: * ≤ 3.0.13 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-13554", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:16:31.573621Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:16:36.873Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.13", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "tptNhan", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T03:21:36.747Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2025-02-11T15:21:02.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-13554", datePublished: "2025-02-12T03:21:36.747Z", dateReserved: "2025-01-20T20:46:48.222Z", dateUpdated: "2025-02-12T15:16:36.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-06 16:11
Severity ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a ataques de Cross-Site Scripting Reflejado a través del parámetro de página en todas las versiones hasta la 3.0.8 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en páginas que se ejecutan si logran engañar a un usuario para que realice una acción, como hacer clic en un enlace.", }, ], id: "CVE-2024-8119", lastModified: "2024-09-06T16:11:02.370", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2024-09-04T07:15:04.650", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wp-extend-module-listing.php#L216", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/50798706-ad0d-431e-ac5f-57a0606c6f94?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-22 09:15
Modified
2024-11-21 09:23
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "1492775E-0762-43FF-A81F-AF0D3FFACA06", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.", }, { lang: "es", value: " Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WP Extended The Ultimate WordPress Toolkit – WP Extended permite XSS reflejado. Este problema afecta a The Ultimate WordPress Toolkit – WP Extended: desde n/a hasta 2.4 .7.", }, ], id: "CVE-2024-37259", lastModified: "2024-11-21T09:23:29.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "audit@patchstack.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-22T09:15:06.123", references: [ { source: "audit@patchstack.com", tags: [ "Third Party Advisory", ], url: "https://patchstack.com/database/vulnerability/wpextended/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://patchstack.com/database/vulnerability/wpextended/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve", }, ], sourceIdentifier: "audit@patchstack.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "audit@patchstack.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-05 13:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 3.0.8 incluida a través de la función download_file_ajax. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.", }, ], id: "CVE-2024-8104", lastModified: "2024-09-05T13:28:06.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@wordfence.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-04T07:15:03.943", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/libraries/wpext_export/wpext_export.php#L137", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-05 13:05
Severity ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.0.8 incluida a través de la función download_user_ajax. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, extraigan datos confidenciales, incluidos nombres de usuario, contraseñas cifradas y correos electrónicos.", }, ], id: "CVE-2024-8106", lastModified: "2024-09-05T13:05:52.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2024-09-04T07:15:04.180", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_export_users/wpext_export_users.php#L54", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/593eb5bc-59f9-4944-b147-4ba66d49abe6?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@wordfence.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-06 17:20
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 3.0.8 incluida a través de la función duplicate_post debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, dupliquen publicaciones escritas por otros autores, incluidos los administradores. Esto incluye la capacidad de duplicar publicaciones protegidas con contraseña, lo que revela su contenido.", }, ], id: "CVE-2024-8123", lastModified: "2024-09-06T17:20:28.600", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "security@wordfence.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-04T07:15:05.130", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_duplicator/wpext_duplicator.php#L48", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e421fb-4839-4e2d-911f-e2fa8c756744?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-06 16:04
Severity ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a Cross-Site Scripting Reflejado a través del parámetro 'selected_option' en todas las versiones hasta la 3.0.8 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en páginas que se ejecutan si logran engañar a un usuario para que realice una acción, como hacer clic en un enlace.", }, ], id: "CVE-2024-8117", lastModified: "2024-09-06T16:04:23.413", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2024-09-04T07:15:04.407", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L293", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-12 04:15
Modified
2025-02-25 03:52
Severity ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "C6EEF5C2-972E-4B63-B0E6-01CC80C9337D", versionEndExcluding: "3.0.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la modificación no autorizada de datos debido a una verificación de capacidad faltante en la función reorder_route() en todas las versiones hasta la 3.0.13 y incluida. Esto permite que atacantes no autenticados reordenen las publicaciones.", }, ], id: "CVE-2024-13554", lastModified: "2025-02-25T03:52:20.300", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2025-02-12T04:15:09.503", references: [ { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-06 16:20
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la modificación no autorizada de nombres de usuario debido a una falta de verificación de capacidad en la función wpext_change_admin_name() en todas las versiones hasta la 3.0.8 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien el nombre de usuario de un administrador por un nombre de usuario de su agrado siempre que se haya utilizado el valor predeterminado \"admin\".", }, ], id: "CVE-2024-8121", lastModified: "2024-09-06T16:20:59.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "security@wordfence.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-04T07:15:04.887", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_block_user_name_admin/wpext_block_user_name_admin.php#L49", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d08ac9-22f7-45f4-9896-05b90f5fce64?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-04 07:15
Modified
2024-09-05 13:28
Severity ?
Summary
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpextended | wp_extended | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "A0AEBA1D-445D-46DC-88FF-D829DA324207", versionEndExcluding: "3.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la modificación no autorizada de datos que puede provocar una escalada de privilegios debido a una verificación de capacidad faltante en la función module_all_toggle_ajax() en todas las versiones hasta la 3.0.8 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable.", }, ], id: "CVE-2024-8102", lastModified: "2024-09-05T13:28:54.747", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2024-09-04T07:15:03.580", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/admin/class-wp-extended-admin.php#L262", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@wordfence.com", type: "Primary", }, ], }