Filtered by vendor Wpxpo
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2579 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowstore – Store Builder & Product Blocks For Woocommerce | 2026-03-17 | 7.5 High |
| The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-1720 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowoptin: Next-gen Popup Maker – Create Stunning Popups And Optins For Lead Generation | 2026-03-06 | 8.8 High |
| The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' function in all versions up to, and including, 1.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins. | ||||
| CVE-2026-1273 | 2 Wordpress, Wpxpo | 2 Wordpress, Post Grid Gutenberg Blocks For News, Magazines, Blog Websites – Postx | 2026-03-04 | 7.2 High |
| The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/v3/starter_dummy_post/` and `/ultp/v3/starter_import_content/` REST API endpoints. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2026-2001 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowrevenue – Product Bundles & Bulk Discounts | 2026-02-18 | 8.8 High |
| The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-69313 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-27 | 7.5 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-68606 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-55707 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35. | ||||
| CVE-2025-54751 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.1 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | ||||
| CVE-2025-12980 | 3 Post Grid Team By Wpxpo, Wordpress, Wpxpo | 4 Postx-gutenberg Blocks For Post Grid, Wordpress, Postx and 1 more | 2025-12-23 | 7.5 High |
| The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes. | ||||
| CVE-2024-50443 | 1 Wpxpo | 1 Postx | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.12. | ||||
| CVE-2025-31096 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25. | ||||
| CVE-2024-10728 | 1 Wpxpo | 2 Postx, Postx - Gutenberg Blocks For Post Grid | 2025-07-09 | 8.8 High |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | ||||
| CVE-2025-39571 | 1 Wpxpo | 1 Wowstore | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4. | ||||
| CVE-2024-3239 | 1 Wpxpo | 1 Postx | 2025-05-14 | 5.4 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-4305 | 2 Wpdownloadmanager, Wpxpo | 2 Gutenberg Blocks For Wordpress Download Manager, Postx | 2025-05-13 | 6.8 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-23512 | 1 Wpxpo | 1 Wowstore | 2025-05-07 | 8.7 High |
| Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | ||||
| CVE-2023-3992 | 1 Wpxpo | 1 Postx | 2025-04-23 | 6.1 Medium |
| The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-30224 | 2 Wholesale Team, Wpxpo | 2 Wholesalex, Wholesalex | 2025-04-08 | 10 Critical |
| Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. | ||||
| CVE-2024-30234 | 1 Wpxpo | 1 Wholesalex | 2025-03-27 | 6.5 Medium |
| Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | ||||
| CVE-2024-30233 | 1 Wpxpo | 1 Wholesalex | 2025-03-27 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | ||||