CVE-2026-1273

Name of the Vulnerable Software and Affected Versions PostX plugin for WordPress versions up to and including 5.0.8

Description The PostX plugin for WordPress is susceptible to Server-Side Request Forgery. This allows authenticated attackers with Administrator-level access or higher to make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services. The issue is present through the /ultp/v3/starter dummy post/ and /ultp/v3/starter import content/ API endpoints. The ultp parameter is involved in the vulnerability.

Recommendations Update the PostX plugin to a version newer than 5.0.8.