PT-2026-22856 · WordPress · Postx
Pouria Shahba
·
Published
2026-03-04
·
Updated
2026-03-04
·
CVE-2026-1273
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PostX plugin for WordPress versions up to and including 5.0.8
Description
The PostX plugin for WordPress is susceptible to Server-Side Request Forgery. This allows authenticated attackers with Administrator-level access or higher to make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services. The issue is present through the
/ultp/v3/starter dummy post/ and /ultp/v3/starter import content/ API endpoints. The ultp parameter is involved in the vulnerability.Recommendations
Update the PostX plugin to a version newer than 5.0.8.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Postx