cleantalk
Vulnerabilities and Security Researches

The Ultimate WordPress Toolkit – WP Extended, CVE-2024-11816

CVE, Research URL

CVE-2024-11816

Home page URL

Security reports for The Ultimate WordPress Toolkit – WP Extended

Application

The Ultimate WordPress Toolkit – WP Extended

Published on
Jan 08, 2025
Research Description
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
Affected versions
Min -, max 3.0.12.
Status
vulnerable
Previous vulnerability researches
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-37259) , Jul 01, 2024
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-13184) , Jan 20, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-11916) , Jan 09, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-11816) , Jan 09, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-13554) , Feb 13, 2025
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025