cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2025-31096

CVE, Research URL

CVE-2025-31096

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Mar 28, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25.
Affected versions
max 4.1.26.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Post Grid (CVE-2024-9051) , Oct 12, 2024
WP Ultimate Post Grid (CVE-2024-4043) , Jun 06, 2024
Ultimate Posts Widget (CVE-2024-0561) , Jun 07, 2024
Ultimate Posts Widget (CVE-2023-38514) , Mar 21, 2025
Ultimate Posts Widget (CVE-2023-0958) , Jun 07, 2024
New vulnerability
AM Events (CVE-2025-69006) , Jan 11, 2026
Master Addons for Elementor (CVE-2025-63053) , Jan 11, 2026
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-13367) , Jan 11, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2025-14998) , Jan 11, 2026
WPBulky – WordPress Bulk Edit Post Types (CVE-2025-68550) , Jan 11, 2026