cvebase

Wpxpo Postx vulnerabilities

15 known vulnerabilities affecting wpxpo/postx.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 10

Vulnerabilities

CVE-2024-10728 | P2 | HIGH | CVSS 8.8 | fixed in 4.1.17 | 2024-11-16
CWE-862: The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level ac
Source: NVD
CVE-2024-31246 | P3 | HIGH | CVSS 8.8 | fixed in 3.2.4 | ≤ 3.2.3 | 2024-06-09
CWE-862: Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 3.2.3.
Source: NVD
CVE-2025-55707 | P3 | HIGH | CVSS 7.2 | ≤ 4.1.35 | 2025-12-18
CWE-266: Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation. This issue affects PostX: from n/a through <= 4.1.35.
Source: NVD
CVE-2025-69313 | P3 | HIGH | CVSS 7.5 | ≤ 5.0.3 | 2026-01-22
CWE-862: Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 5.0.3.
Source: NVD
CVE-2025-54751 | P3 | HIGH | CVSS 7.1 | ≤ 4.1.36 | 2025-12-18
CWE-862: Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 4.1.36.
Source: NVD
CVE-2024-4305 | P4 | MEDIUM | CVSS 6.8 | fixed in 4.1.0 | 2024-06-17
CWE-79: The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Source: NVD
CVE-2025-68606 | P4 | MEDIUM | CVSS 5.3 | ≤ 5.0.3 | 2025-12-24
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data. This issue affects PostX: from n/a through <= 5.0.3.
Source: NVD
CVE-2024-53818 | P4 | MEDIUM | CVSS 6.5 | ≤ 4.1.15 | 2024-12-09
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post. This issue affects PostX: from n/a through <= 4.1.15.
Source: NVD
CVE-2024-32564 | P4 | MEDIUM | CVSS 6.5 | ≤ 4.0.1 | 2024-04-18
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS. This issue affects PostX: from n/a through <= 4.0.1.
Source: NVD
CVE-2025-31096 | P4 | MEDIUM | CVSS 6.5 | ≤ 4.1.25 | 2025-03-28
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS. This issue affects PostX: from n/a through <= 4.1.25.
Source: NVD
CVE-2024-3239 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.0.2 | 2024-05-14
CWE-79: The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Source: NVD
CVE-2024-50443 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.1.13 | ≤ 4.1.12 | 2024-10-28
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post. This issue affects PostX: from n/a through <= 4.1.12.
Source: NVD
CVE-2023-36385 | P4 | MEDIUM | CVSS 6.1 | ≤ 2.9.9 | 2023-07-25
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
Source: NVD
CVE-2024-50513 | P4 | MEDIUM | CVSS 5.9 | ≤ 4.1.15 | 2024-11-19
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows Stored XSS. This issue affects PostX: from n/a through <= 4.1.15.
Source: NVD
CVE-2023-3992 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.0.6 | 2023-08-30
CWE-79: The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Source: NVD