cleantalk
Vulnerabilities and Security Researches

The Ultimate WordPress Toolkit – WP Extended, CVE-2024-8106

CVE, Research URL

CVE-2024-8106

Home page URL

Security reports for The Ultimate WordPress Toolkit – WP Extended

Application

The Ultimate WordPress Toolkit – WP Extended

Published on
Sep 04, 2024
Research Description
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.
Affected versions
Min -, max 3.0.9.
Status
vulnerable
Previous vulnerability researches
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-37259) , Jul 01, 2024
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-13184) , Jan 20, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-11916) , Jan 09, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2024-11816) , Jan 09, 2025
The Ultimate WordPress Toolkit – WP Extended (CVE-2025-4963) , Jun 14, 2025
New vulnerability
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025
File Manager (CVE-2025-27358) , Jul 06, 2025
Booking Calendar Contact Form (CVE-2025-48231) , Jul 06, 2025
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025