Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High1
Medium1
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2025-12-12

CVE-2025-14166 - Wpmastertoolkit Plugin

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server, leading to remote code execution, privilege escalation, and complete site compromise.

PLUGIN Wpmastertoolkit

CVE-2025-14166

MEDIUM CVSS 5.3 2025-12-12
Open Full Technical Breakdown
Threat Entry Updated 2025-04-29

CVE-2025-3300 - Wpmastertoolkit Plugin

The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Wpmastertoolkit

CVE-2025-3300

HIGH CVSS 7.2 2025-04-24
Open Full Technical Breakdown
Scroll to top