High severity8.8NVD Advisory· Published Jan 8, 2025· Updated Jun 17, 2026
CVE-2024-11816
CVE-2024-11816
Description
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=3.0.11
- wpextended/The Ultimate WordPress Toolkit – WP Extendedv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.