Vulnerabilities related to wpextended - ultimate_wordpress_toolkit
Vulnerability from fkie_nvd
Published
2025-01-08 04:15
Modified
2025-01-17 20:58
Severity
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
References
Impacted products
Vendor | Product | Version
---|---|---
wpextended | ultimate_wordpress_toolkit | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:ultimate_wordpress_toolkit:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "9EB4F58D-71E8-446B-BF79-8BCFCD2531E2", versionEndExcluding: "3.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with", }, { lang: "es", value: "El complemento The Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a modificaciones y recuperaciones de datos no autorizadas debido a una verificación de capacidad faltante en varias funciones en todas las versiones hasta la 3.0.11 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, importen y activen fragmentos de código arbitrarios junto con", }, ], id: "CVE-2024-11916", lastModified: "2025-01-17T20:58:37.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 3.7, source: "security@wordfence.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-08T04:15:06.537", references: [ { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@wordfence.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-08 04:15
Modified
2025-01-17 21:00
Summary
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
References
Impacted products
Vendor | Product | Version
---|---|---
wpextended | ultimate_wordpress_toolkit | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wpextended:ultimate_wordpress_toolkit:*:*:*:*:*:wordpress:*:*", matchCriteriaId: "9EB4F58D-71E8-446B-BF79-8BCFCD2531E2", versionEndExcluding: "3.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.", }, { lang: "es", value: "El complemento Ultimate WordPress Toolkit – WP Extended para WordPress es vulnerable a la ejecución remota de código en la versión 3.0.11. Esto se debe a una comprobación de capacidad faltante en la función 'wpext_handle_snippet_update'. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, ejecuten código en el servidor siempre que un administrador haya creado al menos un fragmento de código.", }, ], id: "CVE-2024-11816", lastModified: "2025-01-17T21:00:00.330", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@wordfence.com", type: "Primary", }, ], }, published: "2025-01-08T04:15:06.380", references: [ { source: "security@wordfence.com", tags: [ "Product", ], url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L705", }, { source: "security@wordfence.com", tags: [ "Patch", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=", }, { source: "security@wordfence.com", tags: [ "Third Party Advisory", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve", }, ], sourceIdentifier: "security@wordfence.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@wordfence.com", type: "Primary", }, ], }
cve-2024-11816
Vulnerability from cvelistv5
Published
2025-01-08 03:18
Modified
2025-01-08 15:22
Summary
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
References
Impacted products
Vendor | Product | Version
---|---|---
wpextended | The Ultimate WordPress Toolkit – WP Extended | * ≤ 3.0.11
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11816", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T15:21:58.335263Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T15:22:05.707Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.11", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Matthew Rollings", }, { lang: "en", type: "finder", value: "Youcef Hamdani", }, ], descriptions: [ { lang: "en", value: "The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-08T14:14:20.220Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/modules/core_extensions/wpext_snippets/wpext_snippets.php#L705", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2025-01-07T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-11816", datePublished: "2025-01-08T03:18:11.444Z", dateReserved: "2024-11-26T16:46:04.633Z", dateUpdated: "2025-01-08T15:22:05.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11916
Vulnerability from cvelistv5
Published
2025-01-08 03:18
Modified
2025-01-08 15:26
Summary
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
References
Impacted products
Vendor | Product | Version
---|---|---
wpextended | The Ultimate WordPress Toolkit – WP Extended | * ≤ 3.0.11
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11916", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T15:25:53.112389Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T15:26:45.561Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "The Ultimate WordPress Toolkit – WP Extended", vendor: "wpextended", versions: [ { lessThanOrEqual: "3.0.11", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Lucio Sá", }, ], descriptions: [ { lang: "en", value: "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with", }, ], metrics: [ { cvssV3_1: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-08T03:18:10.667Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2025-01-07T00:00:00.000+00:00", value: "Disclosed", }, ], title: "The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-11916", datePublished: "2025-01-08T03:18:10.667Z", dateReserved: "2024-11-27T17:34:22.337Z", dateUpdated: "2025-01-08T15:26:45.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }