CVE-2025-12980

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites  PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WordfenceCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/3421729/ultimate-post/trunk/classes/Blocks.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/e85ff3b3-de41-4ac4-b825-b3238725ca44?source=cve