cleantalk
Vulnerabilities and Security Researches

The Ultimate WordPress Toolkit – WP Extended, CVE-2026-4314

CVE, Research URL

CVE-2026-4314

Home page URL

Security reports for The Ultimate WordPress Toolkit – WP Extended

Application

The Ultimate WordPress Toolkit – WP Extended

Published on
Mar 22, 2026
Research Description
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using an insecure `strpos()` check against `$_SERVER['REQUEST_URI']` to determine if a request targets the dashboard or profile page. The `grantVirtualCaps()` method, which is hooked into the `user_has_cap` filter, grants elevated capabilities including `manage_options` when this check returns true. This makes it possible for authenticated attackers, with Subscriber-level access and above, to gain administrative capabilities by appending a crafted query parameter to any admin URL, allowing them to update arbitrary WordPress options and ultimately create new Administrator accounts.
Affected versions
max 3.2.5.
Status
vulnerable
Previous vulnerability researches
Verge3D Publishing and E-Commerce (CVE-2025-22709) , Jan 19, 2025
Verge3D Publishing and E-Commerce (CVE-2025-30833) , Apr 02, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2023-51421) , Jun 06, 2024
Verge3D Publishing and E-Commerce (CVE-2023-51420) , Jun 06, 2024
New vulnerability
Orbisius Random Name Generator (CVE-2026-1893) , Apr 15, 2026
User Language Switch (CVE-2026-0745) , Apr 15, 2026
User Language Switch (CVE-2026-0735) , Apr 15, 2026
Campaign Monitor for WordPress (CVE-2026-0674) , Apr 15, 2026
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress (CVE-2026-1941) , Apr 15, 2026