CVE-2024-11816
Published: 08 January 2025
Description
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
Security Summary
CVE-2024-11816 is a Remote Code Execution (RCE) vulnerability in the Ultimate WordPress Toolkit – WP Extended plugin for WordPress, affecting version 3.0.11. The issue stems from a missing capability check in the 'wpext_handle_snippet_update' function, classified under CWE-862 (Missing Authorization). It was published on 2025-01-08 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impacts.
Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to execute arbitrary code on the affected server. Exploitation requires that an administrator has previously created at least one code snippet, enabling the attacker to leverage the unchecked function for RCE over the network with low complexity and no user interaction.
Advisories and related resources include the WordPress plugin trac repository, showing the vulnerable code at line 705 in includes/modules/core_extensions/wpext_snippets/wpext_snippets.php and a specific changeset (3213331 for wpextended). Additional details are provided in Wordfence threat intelligence at the referenced vulnerability page.
Details
- CWE(s)