The Ultimate WordPress Toolkit – WP Extended

WP Extended

Developer

3.2.1

Latest version

700

Installations

Oct 27, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

15 fixed

12 Mitigation rules

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
<= 3.0.15
May 27, 2025
Cross Site Scripting (XSS) vulnerability
<= 3.0.14
Mar 27, 2025
Missing Authorization to Unauthenticated Post Order Manipulation vulnerability
<= 3.0.13
Feb 11, 2025
Unauthenticated SQL Injection via Login Attempts Module vulnerability
<= 3.0.12
Jan 17, 2025
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
<= 3.0.11
Jan 7, 2025
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
<= 3.0.11
Jan 7, 2025
Reflected Cross-Site Scripting vulnerability
<= 3.0.9
Oct 16, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 3.0.8
Sep 30, 2024
Reflected Cross-Site Scripting via page vulnerability
<= 3.0.8
Sep 4, 2024
Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
<= 3.0.8
Sep 4, 2024
Authenticated (Subscriber+) Arbitrary Options Update vulnerability
<= 3.0.8
Sep 4, 2024
Insecure Direct Object Reference vulnerability
<= 3.0.8
Sep 4, 2024
Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download vulnerability
<= 3.0.8
Sep 4, 2024
Missing Authorization to Admin Username Change vulnerability
<= 3.0.8
Sep 4, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.4.7
Jun 27, 2024