cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2026-1273

CVE, Research URL

CVE-2026-1273

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Mar 04, 2026
Research Description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/v3/starter_dummy_post/` and `/ultp/v3/starter_import_content/` REST API endpoints. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 5.0.9.
Status
vulnerable
Previous vulnerability researches
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2025-5314) , Jul 04, 2025
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2024-8717) , Oct 24, 2024
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2024-11830) , Jan 09, 2025
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2021-24732) , Jun 07, 2024
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2024-29807) , Jun 07, 2024
New vulnerability
EmailKit -WooCommerce Email Customizer (CVE-2026-1925) , Apr 15, 2026
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2026-1651) , Apr 15, 2026
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2026-1860) , Apr 15, 2026
Related Posts by Taxonomy (CVE-2026-0916) , Apr 15, 2026
Ivory Search – WordPress Search Plugin (CVE-2026-1053) , Apr 15, 2026