CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8121

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.8%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2024-8121

Wpextended » Wp Extended » Version: N/A

cpe:2.3:a:wpextended:wp_extended:-
Wpextended » Wp Extended » Version: 1.0.0

cpe:2.3:a:wpextended:wp_extended:1.0.0
Wpextended » Wp Extended » Version: 1.0.1

cpe:2.3:a:wpextended:wp_extended:1.0.1
Wpextended » Wp Extended » Version: 1.2.0

cpe:2.3:a:wpextended:wp_extended:1.2.0
Wpextended » Wp Extended » Version: 2.0.0

cpe:2.3:a:wpextended:wp_extended:2.0.0
Wpextended » Wp Extended » Version: 2.1.0

cpe:2.3:a:wpextended:wp_extended:2.1.0
Wpextended » Wp Extended » Version: 2.1.2

cpe:2.3:a:wpextended:wp_extended:2.1.2
Wpextended » Wp Extended » Version: 2.1.3

cpe:2.3:a:wpextended:wp_extended:2.1.3
Wpextended » Wp Extended » Version: 2.1.4

cpe:2.3:a:wpextended:wp_extended:2.1.4
Wpextended » Wp Extended » Version: 2.2.0

cpe:2.3:a:wpextended:wp_extended:2.2.0
Wpextended » Wp Extended » Version: 2.3.0

cpe:2.3:a:wpextended:wp_extended:2.3.0
Wpextended » Wp Extended » Version: 2.4.0

cpe:2.3:a:wpextended:wp_extended:2.4.0
Wpextended » Wp Extended » Version: 2.4.1

cpe:2.3:a:wpextended:wp_extended:2.4.1
Wpextended » Wp Extended » Version: 2.4.2

cpe:2.3:a:wpextended:wp_extended:2.4.2
Wpextended » Wp Extended » Version: 2.4.3

cpe:2.3:a:wpextended:wp_extended:2.4.3
Wpextended » Wp Extended » Version: 2.4.4

cpe:2.3:a:wpextended:wp_extended:2.4.4
Wpextended » Wp Extended » Version: 2.4.5

cpe:2.3:a:wpextended:wp_extended:2.4.5
Wpextended » Wp Extended » Version: 2.4.6

cpe:2.3:a:wpextended:wp_extended:2.4.6
Wpextended » Wp Extended » Version: 2.4.7

cpe:2.3:a:wpextended:wp_extended:2.4.7
Wpextended » Wp Extended » Version: 3.0.0

cpe:2.3:a:wpextended:wp_extended:3.0.0
Wpextended » Wp Extended » Version: 3.0.1

cpe:2.3:a:wpextended:wp_extended:3.0.1
Wpextended » Wp Extended » Version: 3.0.2

cpe:2.3:a:wpextended:wp_extended:3.0.2
Wpextended » Wp Extended » Version: 3.0.3

cpe:2.3:a:wpextended:wp_extended:3.0.3
Wpextended » Wp Extended » Version: 3.0.4

cpe:2.3:a:wpextended:wp_extended:3.0.4
Wpextended » Wp Extended » Version: 3.0.5

cpe:2.3:a:wpextended:wp_extended:3.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8121

Products

Pricing

Contact Us