GCVE - cpe:2.3:a:wpxpo:postx:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wpxpo:postx:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Wpxpo (`c5bc2b74-4fb9-5b98-a1a9-71c128f75636`)
Product	Postx (`c9c0bede-7b50-5603-9cd2-ba73f401c462`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-50443`	vulnerable	2026-06-08 06:52:10.105320	WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.12. Published: 2024-10-28T13:07:33.924Z Updated: 2026-04-28T16:10:29.092Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/ultimate-post/vulnerability/wordpress-postx-plugin-4-1-12-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4305`	vulnerable	2026-06-08 06:50:17.473394	PostX < 4.1.0 - Contributor+ Stored XSS The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: 2024-06-17T06:00:01.480Z Updated: 2024-08-01T20:33:53.172Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3239`	vulnerable	2026-06-08 06:41:52.757510	PostX < 4.0.2 - Contributor+ Stored XSS The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: 2024-05-13T06:00:01.142Z Updated: 2024-11-01T19:15:08.102Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/dfa1421b-41b0-4b25-95ef-0843103e1f5e/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-31246`	vulnerable	2026-06-08 06:35:31.165236	WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability MEDIUM (5.4) Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3. Published: 2024-06-09T08:55:52.278Z Updated: 2026-04-28T16:09:29.063Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/ultimate-post/vulnerability/wordpress-post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-plugin-3-2-3-author-post-page-duplication-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10728`	vulnerable	2026-06-08 06:23:47.380721	PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation HIGH (8.8) The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Published: 2024-11-16T04:29:15.146Z Updated: 2026-04-08T16:33:58.119Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Importer.php#L94 https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Initialization.php#L330 https://wordpress.org/plugins/ultimate-post/ https://plugins.trac.wordpress.org/changeset/3188636/ultimate-post/trunk/classes/Importer.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3992`	vulnerable	2026-06-08 06:09:40.981755	PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2023-08-30T14:22:02.880Z Updated: 2025-04-23T16:18:46.976Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/c43b669f-0377-4402-833c-817b75001888	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36385`	vulnerable	2026-06-08 06:08:11.244881	WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) HIGH (7.1) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions. Published: 2023-07-25T13:44:31.661Z Updated: 2026-04-28T16:08:30.204Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/ultimate-post/wordpress-postx-gutenberg-post-grid-blocks-plugin-2-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.