← Back

Wp Extra

wp_extra

Vendor: Wpvnteam • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-46623
1Wpvnteam
1Wp Extra
Jun 17, 2026
Dec 29, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.
CVE-2023-46212
1Wpvnteam
1Wp Extra
Jun 17, 2026
Dec 19, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a...Show more
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.Show less
CVE-2023-47825
1Wpvnteam
1Wp Extra
Jun 17, 2026
Nov 22, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions.
CVE-2023-5314
1Wpvnteam
1Wp Extra
Jun 17, 2026
Nov 22, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including...Show more
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.Show less
CVE-2023-5311
1Wpvnteam
1Wp Extra
Jun 17, 2026
Oct 25, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenti...Show more
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. CVE-2023-46623 appears to be a duplicate of this issue.Show less