The WP Extended plugin for WordPress, called The Ultimate WordPress Toolkit, has a security issue where attackers can insert harmful scripts into pages by tricking users into clicking on links. This can happen in all versions up to 3.0.8 because the plugin does not properly clean the input and output. This means that anyone can do this, even if they are not logged in.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
