Wpxpo

Postx

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-69313

  • EPSS 0.05%
  • Veröffentlicht 22.01.2026 16:52:32
  • Zuletzt bearbeitet 27.01.2026 19:16:12

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.

7.5

CVE-2025-68606

  • EPSS 0.05%
  • Veröffentlicht 24.12.2025 13:10:48
  • Zuletzt bearbeitet 20.01.2026 15:19:52

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.

7.5

CVE-2025-12980

  • EPSS 0.12%
  • Veröffentlicht 21.12.2025 02:20:32
  • Zuletzt bearbeitet 23.12.2025 14:51:52

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up ...

7.1

CVE-2025-54751

  • EPSS 0.04%
  • Veröffentlicht 18.12.2025 07:21:50
  • Zuletzt bearbeitet 20.01.2026 15:17:01

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.

7.2

CVE-2025-55707

  • EPSS 0.05%
  • Veröffentlicht 18.12.2025 07:21:50
  • Zuletzt bearbeitet 20.01.2026 15:17:03

Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.

6.5

CVE-2025-31096

  • EPSS 0.14%
  • Veröffentlicht 28.03.2025 09:39:51
  • Zuletzt bearbeitet 28.03.2025 18:11:40

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25.

6.5

CVE-2024-53818

  • EPSS 0.2%
  • Veröffentlicht 09.12.2024 13:15:41
  • Zuletzt bearbeitet 09.12.2024 13:15:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15.

5.9

CVE-2024-50513

  • EPSS 0.1%
  • Veröffentlicht 19.11.2024 17:15:10
  • Zuletzt bearbeitet 19.11.2024 21:57:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15.

8.8

CVE-2024-10728

  • EPSS 76.07%
  • Veröffentlicht 16.11.2024 05:15:12
  • Zuletzt bearbeitet 09.07.2025 18:48:39

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up...

5.4

CVE-2024-50443

  • EPSS 0.11%
  • Veröffentlicht 28.10.2024 14:15:04
  • Zuletzt bearbeitet 29.09.2025 21:54:22

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.12.