CVE-2025-12980
Unauthorized Data Access in PostX Plugin via REST API Endpoint
Publication date: 2025-12-21
Last updated on: 2025-12-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | post_grid_gutenberg_blocks | 5.0.3 |
| wordpress | post_grid_gutenberg_blocks | 5.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Post Grid Gutenberg Blocks for News, Magazines, Blog Websites β PostX WordPress plugin, where a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint allows unauthenticated attackers to access sensitive user metadata, including password hashes. Essentially, the plugin did not properly verify if a user was authorized to access certain data, enabling unauthorized data retrieval.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive user information, such as password hashes. This could allow attackers to compromise user accounts or escalate privileges, potentially leading to further exploitation of the affected WordPress site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring for unauthorized access attempts to the '/ultp/v2/get_dynamic_content/' REST API endpoint on your WordPress site. Specifically, look for unauthenticated requests retrieving sensitive user metadata. Using command-line tools like curl or wget, you can test access to this endpoint without authentication to see if sensitive data is returned. For example, you might run: curl -X GET https://yourwordpresssite.com/wp-json/ultp/v2/get_dynamic_content/ and check if sensitive user data or password hashes are returned. Additionally, reviewing web server logs for unusual GET requests to this endpoint from unauthenticated sources can help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Post Grid Gutenberg Blocks (PostX) plugin to version 5.0.4 or later, where the vulnerability is patched. The patch introduces proper access control checks on the REST API endpoint, including capability checks for private, draft, pending, and password-protected posts, preventing unauthorized data access. If updating immediately is not possible, restrict access to the '/ultp/v2/get_dynamic_content/' endpoint via firewall rules or web server configuration to block unauthenticated requests. [2]