PT-2026-42722 · WordPress · Fastx+1
Itthidej Aramsri · Published 2026-05-22 · Updated 2026-05-22 · CVE-2026-2518
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FastX theme for WordPress versions prior to 1.0.3
Description
The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability checks in the ultp_install_callback() and ultp_activate_callback() functions.
Recommendations
Update to a version later than 1.0.2.
As a temporary workaround, restrict access to the ultp_install_callback() and ultp_activate_callback() functions.
Fix
Missing Authorization
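To confirm whether an installed copy of the theme carries a capability check in the two callbacks named above, a source audit along these lines can be used. This is an added example, not code from the theme or from this advisory; the PHP sample is constructed for illustration, and the function names are written with underscores, as PHP requires.

```python
import re

# Comments and quoted strings are blanked first so braces or function names
# inside them cannot confuse the scan (heredoc strings are not handled).
NOISE = re.compile(
    r"/\*.*?\*/|//[^\n]*|#[^\n]*|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.S)
GUARD = re.compile(r"\bcurrent_user_can\s*\(")

def function_body(php, name):
    """Return the text between the braces of `function name(...)`, or None."""
    m = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\(", php)
    if not m:
        return None
    start = php.find("{", m.end())
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(php)):
        depth += {"{": 1, "}": -1}.get(php[i], 0)
        if depth == 0:  # matching close brace of the function reached
            return php[start + 1:i]
    return None

def audit(php, names):
    """Map each function name to 'guarded', 'unguarded' or 'not found'."""
    clean = NOISE.sub(" ", php)
    report = {}
    for name in names:
        body = function_body(clean, name)
        if body is None:
            report[name] = "not found"
        else:
            report[name] = "guarded" if GUARD.search(body) else "unguarded"
    return report

NAMES = ["ultp_install_callback", "ultp_activate_callback"]

# Constructed sample, not the theme's real source: one callback whose only
# mention of the check is in a comment, one with a real capability check.
SAMPLE = r"""<?php
function ultp_install_callback() {
    // TODO: current_user_can( 'install_plugins' ) check goes here
    wp_send_json_success( 'example-plugin' );
}
function ultp_activate_callback() {
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success();
}
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE, NAMES).items():
        print(f"{name}: {status}")
```

A "guarded" result only shows that a current_user_can() call is present in the function body; which capability it tests and whether it runs before the install or activate step still needs a manual read.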
Weakness Enumeration
Related Identifiers
Affected Products
Fastx
Postx