The Ultimate WordPress Toolkit – WP Extended Missing Authorization Vulnerability Allowing Stored Cross-Site Scripting
Vulnerability
A vulnerability exists in The Ultimate WordPress Toolkit – WP Extended plugin for WordPress, in all versions through 3.0.11. The issue arises from a lack of proper capability checks on several functions, allowing authenticated attackers with subscriber-level access or higher to import and activate arbitrary code snippets. This vulnerability could be exploited to execute the imported code, potentially leading to stored cross-site scripting.
Impact
Exploitation of this vulnerability could result in unauthorized execution of code snippets, creating a stored cross-site scripting risk, where the injected script is executed in the context of the user.
Reproduction
To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can use the 'WP Extended Code Snippets' feature in the plugin. The user can import a code snippet that includes a script payload, which will be executed when the snippet is activated.
Remediation
Users are advised to update the plugin to version 3.0.12 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.