12 matches found
EUVD-2026-9349
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...
CVE-2025-69313
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 5.0.3...
CVE-2025-55707
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation. This issue affects PostX: from n/a through <= 4.1.35...
CVE-2025-55707 WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation. This issue affects PostX: from n/a through <= 4.1.35...
CVE-2025-54751
Summary: CVE-2025-54751 is a missing authorization / broken access control vulnerability in WPXPO PostX ultimate-post, affecting PostX versions up to 4.1.36. The issue arises from incorrectly configured access control security levels within the PostX plugin, enabling unauthorized access due to in...
CVE-2025-31096
CVE-2025-31096 affects WordPress PostX (Post Grid Gutenberg Blocks) plugin. The WordPress plugin PostX versions up to 4.1.25 are vulnerable to a Cross-Site Scripting (Stored) flaw via inputs generated during web page rendering, enabling XSS in authenticated contexts. Remediation: upgrade to PostX...
WordPress PostX Plugin <= 4.1.16 is vulnerable to Broken Access Control
Software: PostX; Type: Plugin; Vulnerable versions: <= 4.1.16; Fixed in: 4.1.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10728; Patch priority: High; CVSS severity: High 8.8; PSID: 29722a758707; Credits: Sean Murphy; Required privilege...
WordPress PostX Plugin <= 4.1.15 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: <= 4.1.15; Fixed in: 4.1.16; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-50513; Patch priority: Low; CVSS severity: Low 5.9; PSID: 43389f55b268; Credits: Hwang Se-yeon; Required privilege: Author...
WordPress PostX plugin < 4.1.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin PostX versions < 4.1.0...
WordPress PostX Plugin < 4.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: < 4.1.0; Fixed in: 4.1.0; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4305; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4a6a72a8e520; Credits: Dmitrii Ignatyev; Required privilege...
WordPress PostX Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: <= 3.0.5; Fixed in: 3.0.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-3992; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c90860a27d52; Credits: Bob Matyas; Required privileg...
WordPress PostX Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: <= 2.9.9; Fixed in: 2.9.10; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-36385; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 34333ee198ac; Credits: Le Ngoc Anh; Required...