Wpxpo Postx
15 CVEs affecting Wpxpo Postx. Latest disclosed: 2026-01-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-10728 | High | 8.8 | 2024-11-16 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a mis… |
CVE-2025-69313 | High | 7.5 | 2026-01-22 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos… |
CVE-2025-55707 | High | 7.2 | 2025-12-18 | Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35. |
CVE-2025-54751 | High | 7.1 | 2025-12-18 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos… |
CVE-2023-36385 | High | 7.1 | 2023-07-25 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions. |
CVE-2024-4305 | Medium | 6.8 | 2024-06-17 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputtin… |
CVE-2025-31096 | Medium | 6.5 | 2025-03-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue… |
CVE-2024-53818 | Medium | 6.5 | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from… |
CVE-2024-50443 | Medium | 6.5 | 2024-10-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from… |
CVE-2024-32564 | Medium | 6.5 | 2024-04-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue… |
CVE-2023-3992 | Medium | 6.1 | 2023-08-30 | The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scrip… |
CVE-2024-50513 | Medium | 5.9 | 2024-11-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows Stored XSS.This issue af… |
CVE-2024-31246 | Medium | 5.4 | 2024-06-09 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pos… |
CVE-2024-3239 | Medium | 5.4 | 2024-05-14 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputtin… |
CVE-2025-68606 | Medium | 5.3 | 2025-12-24 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.T… |