Ultimate Post
Sign in to watchby WordPress
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69313 | Hig | 0.49 | 7.5 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3. | |
| CVE-2025-12980 | Hig | 0.49 | 7.5 | 0.00 | Dec 21, 2025 | The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes. | |
| CVE-2025-55707 | Hig | 0.47 | 7.2 | 0.00 | Dec 18, 2025 | Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35. | |
| CVE-2025-54751 | Hig | 0.46 | 7.1 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | |
| CVE-2025-68606 | Med | 0.34 | 5.3 | 0.00 | Dec 24, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. |