Wpxpo Postx

15 CVEs affecting Wpxpo Postx. Latest disclosed: 2026-01-22. Critical: 0, High: 5.

Top CVEs affecting Wpxpo Postx
CVESeverityScorePublishedSummary
CVE-2024-10728High8.82024-11-16The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a mis…
CVE-2025-69313High7.52026-01-22Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos…
CVE-2025-55707High7.22025-12-18Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.
CVE-2025-54751High7.12025-12-18Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos…
CVE-2023-36385High7.12023-07-25Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
CVE-2024-4305Medium6.82024-06-17The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputtin…
CVE-2025-31096Medium6.52025-03-28Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue…
CVE-2024-53818Medium6.52024-12-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from…
CVE-2024-50443Medium6.52024-10-28Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from…
CVE-2024-32564Medium6.52024-04-18Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue…
CVE-2023-3992Medium6.12023-08-30The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scrip…
CVE-2024-50513Medium5.92024-11-19Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows Stored XSS.This issue af…
CVE-2024-31246Medium5.42024-06-09Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos…
CVE-2024-3239Medium5.42024-05-14The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputtin…
CVE-2025-68606Medium5.32025-12-24Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.T…