Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

WPXPO

Source -

CNA

BOS Name -

N/A

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2025-69313
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-862
Missing Authorization
CVE-2025-68606
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-55707
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:21
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-54751
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:21
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-862
Missing Authorization
CVE-2025-62070
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.

Action-Not Available
Vendor-WPXPO
Product-WowRevenue
CWE ID-CWE-862
Missing Authorization
CVE-2025-57958
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.04%
||
7 Day CHG+0.01%
Published-22 Sep, 2025 | 18:24
Updated-24 Sep, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WowAddons Plugin <= 1.0.17 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through 1.0.17.

Action-Not Available
Vendor-WPXPO
Product-WowAddons
CWE ID-CWE-862
Missing Authorization
CVE-2025-39571
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WowStore <= 4.2.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.

Action-Not Available
Vendor-WPXPO
Product-WowStore
CWE ID-CWE-862
Missing Authorization
CVE-2025-31096
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.57%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 09:39
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')