WPMasterToolKit (WPMTK) – All in one plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WPMasterToolKit (WPMTK) – All in one plugin

Information

Software Type	Plugin
Software Slug	wpmastertoolkit (view on wordpress.org)
Software Status	Active
Software Author	ludwigyou
Software Website	wpmastertoolkit.com
Software Downloads	62,107
Software Active Installs	4,000
Software Record Last Updated	June 18, 2026

5 Vulnerabilities

Submit a Vulnerability

WPMasterToolKit <= 2.14.0 - Missing Authorization

4.3

CVE-2026-24388

Jan 15, 2026

Researcher: Nabil Irawan

WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

5.3

CVE-2025-14166

Dec 11, 2025

Researchers: Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777), Powpy, Waris Damkham, Varakorn Chanthasri (iCreaM), Peerapat Samatathanyakorn, Sopon Tangpathum (SoNaJaa)

WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write

7.2

CVE-2025-3300

Apr 23, 2025

Researcher: nquangit

WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2024-56249

Dec 30, 2024

Researcher: l8BL

WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Download

4.9

CVE-2024-56248

Dec 30, 2024

Researcher: l8BL

Title	Status	CVE ID	CVSS	Researchers	Date
WPMasterToolKit <= 2.14.0 - Missing Authorization	Patched	CVE-2026-24388	4.3	Nabil Irawan	January 15, 2026
WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection	Patched	CVE-2025-14166	5.3	Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777), Powpy, Waris Damkham, Varakorn Chanthasri (iCreaM), Peerapat Samatathanyakorn, Sopon Tangpathum (SoNaJaa)	December 11, 2025
WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write	Patched	CVE-2025-3300	7.2	nquangit	April 23, 2025
WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Upload	Patched	CVE-2024-56249	7.2	l8BL	December 30, 2024
WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Download	Patched	CVE-2024-56248	4.9	l8BL	December 30, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation