cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2026-0718

CVE, Research URL

CVE-2026-0718

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Apr 16, 2026
Research Description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts.
Affected versions
max 5.0.6.
Status
vulnerable
Previous vulnerability researches
Simple File List (CVE-2025-34085) , Jul 13, 2025
Simple File List (CVE-2025-47450) , May 09, 2025
Simple File List (CVE-2020-36847) , Jun 13, 2026
Simple File List (CVE-2022-1119) , Jun 07, 2024
Simple File List (CVE-2020-12832) , Jun 07, 2024
New vulnerability
All-in-One Addons for Elementor – WidgetKit (CVE-2025-8779) , Jun 14, 2026
Beaver Builder – WordPress Page Builder (CVE-2025-69319) , Jun 14, 2026
Beaver Builder – WordPress Page Builder (CVE-2026-40744) , Jun 14, 2026
Checkout with Zelle on Woocommerce (CVE-2023-33999) , Jun 14, 2026
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (CVE-2023-33999) , Jun 14, 2026