cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2025-12980

CVE, Research URL

CVE-2025-12980

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Dec 21, 2025
Research Description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.
Affected versions
max 5.0.4.
Status
vulnerable
Previous vulnerability researches
WP Featured Screenshot (CVE-2025-32557) , Apr 15, 2025
New vulnerability
Lucky Wheel for WooCommerce – Spin a Sale (CVE-2025-14509) , Jan 10, 2026
WP Voting Contest Lite (CVE-2025-60086) , Jan 10, 2026
Custom Related Posts (CVE-2025-68033) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-13693) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-14455) , Jan 10, 2026