cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2026-0718

CVE, Research URL

CVE-2026-0718

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Apr 16, 2026
Research Description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts.
Affected versions
max 5.0.6.
Status
vulnerable
Previous vulnerability researches
Projectopia – WordPress Project Management Plugin (CVE-2025-32648) , Apr 20, 2025
Projectopia – WordPress Project Management Plugin (CVE-2025-59133) , Apr 27, 2026
Projectopia – WordPress Project Management Plugin (CVE-2024-54336) , Dec 15, 2024
Projectopia – WordPress Project Management Plugin (CVE-2025-12876) , Dec 11, 2025
Projectopia – WordPress Project Management Plugin (CVE-2023-33999) , Jun 13, 2026
New vulnerability
All-in-One Addons for Elementor – WidgetKit (CVE-2025-8779) , Jun 14, 2026
Beaver Builder – WordPress Page Builder (CVE-2025-69319) , Jun 14, 2026
Beaver Builder – WordPress Page Builder (CVE-2026-40744) , Jun 14, 2026
Checkout with Zelle on Woocommerce (CVE-2023-33999) , Jun 14, 2026
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (CVE-2023-33999) , Jun 14, 2026