cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2026-1273

CVE, Research URL

CVE-2026-1273

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Mar 04, 2026
Research Description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/v3/starter_dummy_post/` and `/ultp/v3/starter_import_content/` REST API endpoints. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 5.0.9.
Status
vulnerable
Previous vulnerability researches
Secure Copy Content Protection and Content Locking (CVE-2025-14159) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-14442) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-30905) , Apr 04, 2025
Secure Copy Content Protection and Content Locking (CVE-2025-1404) , Mar 02, 2025
Secure Copy Content Protection and Content Locking (CVE-2026-25335) , Feb 27, 2026
New vulnerability
3D FlipBook – PDF Flipbook WordPress (CVE-2026-1314) , Apr 15, 2026
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2026-1454) , Apr 15, 2026
wpForo Forum (CVE-2026-1581) , Apr 15, 2026
wpForo Forum (CVE-2026-0910) , Apr 15, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-0550) , Apr 15, 2026