CVE-2024-11816

Name of the Vulnerable Software and Affected Versions The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.11

Description The issue is due to a missing capability check on the wpext handle snippet update function, making it possible for authenticated attackers with Subscriber-level access and above to execute code on the server, provided an admin has created at least one code snippet.

Recommendations For version 3.0.11, consider disabling the wpext handle snippet update function until a patch is available to prevent exploitation. Additionally, restrict access to the WP Extended plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.