Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpxpo — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting wpxpo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wpxpo:PostXPost Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXWowStoreWowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead GenerationPostX – Gutenberg Post Grid BlocksProductX – WooCommerce Builder & Gutenberg WooCommerce BlocksWowRevenueWowRevenue – Product Bundles & Bulk DiscountsWowStore – Store Builder & Product Blocks for WooCommerceWowOptin
CVE IDTitleCVSSSeverityPublished
CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 5.3 Medium2026-04-16
CVE-2026-39700 WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability — WowOptinCWE-862 9.1AICriticalAI2026-04-08
CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API — WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead GenerationCWE-918 7.2 High2026-03-21
CVE-2026-2579 WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter — WowStore – Store Builder & Product Blocks for WooCommerceCWE-89 7.5 High2026-03-17
CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead GenerationCWE-862 8.8 High2026-03-05
CVE-2026-1273 PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-918 7.2 High2026-03-04
CVE-2026-2001 WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation — WowRevenue – Product Bundles & Bulk DiscountsCWE-862 8.8 High2026-02-16
CVE-2025-69313 WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability — PostXCWE-862 7.5 High2026-01-22
CVE-2025-68606 WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability — PostXCWE-497 5.3 Medium2025-12-24
CVE-2025-12980 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 7.5 High2025-12-21
CVE-2025-55707 WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability — PostXCWE-266 7.2 High2025-12-18
CVE-2025-54751 WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability — PostXCWE-862 7.1 High2025-12-18
CVE-2025-62070 WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability — WowRevenueCWE-862 4.3 Medium2025-10-22
CVE-2025-39571 WordPress WowStore plugin <= 4.2.4 - Broken Access Control Vulnerability — WowStoreCWE-862 4.3 Medium2025-04-16
CVE-2025-31096 WordPress PostX plugin <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability — PostXCWE-79 6.5 Medium2025-03-28
CVE-2023-45271 WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability — WowStoreCWE-862 8.2 -2025-01-02
CVE-2024-53818 WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-12-09
CVE-2024-50513 WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 5.9 Medium2024-11-19
CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 8.8 High2024-11-16
CVE-2024-50443 WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-10-28
CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability — PostXCWE-862 5.4 Medium2024-06-09
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 8.8 High2024-05-30
CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-79 6.4 Medium2024-05-30
CVE-2024-32564 WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-04-18
CVE-2024-23512 WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection — ProductX – WooCommerce Builder & Gutenberg WooCommerce BlocksCWE-502 8.7 High2024-02-12
CVE-2023-36385 WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) — PostX – Gutenberg Post Grid BlocksCWE-79 7.1 High2023-07-25

This page lists every published CVE security advisory associated with wpxpo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.