Vulnerabilities and security research for ultimate-post
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2021-24659
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Sep 27, 2021
- Research Description
- The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
- Affected versions
- max 2.4.10.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2021-24660
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Sep 27, 2021
- Research Description
- The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.
- Affected versions
- max 2.4.10.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-31246
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Jun 09, 2024
- Research Description
- Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
- Affected versions
- max 3.2.4.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2021-24652
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Sep 27, 2021
- Research Description
- The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged-in user to perform some AJAX-based requests, allowing any user to modify, delete or add ultp_options values.
- Affected versions
- max 2.4.10.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2021-24661
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Sep 27, 2021
- Research Description
- The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.
- Affected versions
- max 2.4.10.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2023-36385
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Jul 25, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
- Affected versions
- max 2.9.10.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2023-3992
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Aug 30, 2023
- Research Description
- The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected versions
- max 3.0.6.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-32564
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Apr 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 4.0.1.
- Affected versions
- max 4.0.2.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-5326
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- May 30, 2024
- Research Description
- The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
- Affected versions
- max 4.1.3.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-3239
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- May 14, 2024
- Research Description
- The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions
- max 4.0.2.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-5223
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- May 30, 2024
- Research Description
- The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
- max 4.1.2.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-5758
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Jun 08, 2024
- Research Description
- Rejected reason: ** REJECT ** Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead.
- Affected versions
- max 4.1.0.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-4305
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Jun 17, 2024
- Research Description
- The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions
- max 4.1.0.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-50443
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Oct 28, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS. This issue affects PostX: from n/a through 4.1.12.
- Affected versions
- max 4.1.13.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-50513
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Nov 19, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS. This issue affects PostX: from n/a through 4.1.15.
- Affected versions
- max 4.1.16.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-10728
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Nov 16, 2024
- Research Description
- The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
- Affected versions
- max 4.1.17.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2024-53818
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Dec 09, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS. This issue affects PostX: from n/a through 4.1.15.
- Affected versions
- max 4.1.16.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2025-31096
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Mar 28, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25.
- Affected versions
- max 4.1.26.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2025-68606
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Dec 24, 2025
- Research Description
- Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data. This issue affects PostX: from n/a through <= 5.0.3.
- Affected versions
- max 5.0.3.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2025-12980
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Dec 21, 2025
- Research Description
- The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.
- Affected versions
- max 5.0.4.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2025-55707
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Dec 18, 2025
- Research Description
- Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation. This issue affects PostX: from n/a through <= 4.1.35.
- Affected versions
- max 4.1.35.
- Status
- vulnerable
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX # CVE-2025-54751
- CVE, Research URL
- Home page URL
- Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Date
- Dec 18, 2025
- Research Description
- Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 4.1.36.
- Affected versions
- max 4.1.36.
- Status
- vulnerable