CVE List

CVE-2024-8121

Moderate 4.3

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.

Published September 4, 2024.

Affected software

Get alerts for Wpextended WP Extended

Choose your software

1
iOS
Firefox
Chrome
Mac OS X
Safari
MySQL
PHP
Windows
Apache HTTP Server
React
WordPress
Android
Thunderbird
Node.JS
Microsoft Office
PostgreSQL
Drupal
MariaDB
Ruby
NGINX
jQuery
Kubernetes
Jenkins
Laravel
Symfony
Linux
Ember.js
CakePHP
Opera
Microsoft Edge
MongoDB
Ruby on Rails
.NET Framework
Internet Explorer
Windows 8
Windows 7
Windows 10
Joomla!
JRE
JDK
VMware Fusion
VMware Workstation
VMware Player
OpenBSD
Ubuntu
VLC
Django
iTunes
Windows Server
Windows Server 2003
Windows Server 2008
Windows Server 2016
Windows Server 2019
Magento
Magento 2
Redis
Microsoft Sharepoint
Microsoft Excel
Microsoft Word
Microsoft PowerPoint
Microsoft Access
Cisco IOS
Skype
iTerm 2
Microsoft OneNote
Docker
Bamboo
Confluence
Jira
Git
Fedora
CentOS
Visual Studio
IBM DB2
Subversion
OpenSSL
Apache Cassandra
GNU C Library
Redhat Enterprise Desktop
Apple Xcode
Solaris
VirtualBox
V8
OpenLDAP
Microsoft Exchange Server
Open Office
LibreOffice
QEMU
Elasticsearch
PHPMyAdmin
Yoast WordPress
WebkitGTK
Parallels Remote Server
Microsoft IIS
Memcached
Juniper Junos
Acrobat Reader
Adobe Acrobat
CURL
PHP-FPM
Ruby Rack
Python
NPM
SQLite
Apache Tomcat
GCC
Golang
Perl
OCaml
Busybox
OpenStack
Microsoft SQL Server
PouchDB
Bootstrap
Varnish
Wpextended WP Extended

Email address

Password must be at least 10 characters

Reference links