Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpxpo — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting wpxpo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpxpo operates as a specialized platform facilitating the exchange of zero-day exploits and advanced persistent threat tools, primarily targeting enterprise and government infrastructure. Its core business model revolves around monetizing high-value vulnerabilities, creating a lucrative underground economy for cybercriminals and state-sponsored actors. Historically, the platform has been associated with critical vulnerability classes, including Remote Code Execution (RCE), SQL injection, and privilege escalation flaws, often leveraging unpatched software in widely used enterprise applications. Security researchers have identified wpxpo as a significant threat vector due to its role in accelerating the weaponization of newly discovered bugs before patches are deployed. Major incidents involving this entity highlight the dangers of unregulated exploit markets, where sensitive data and system integrity are routinely compromised. The platform’s existence underscores the urgent need for improved vulnerability disclosure practices and robust defensive postures against sophisticated, commercially driven cyber threats.

Top products by wpxpo: PostX Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX WowStore WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation PostX – Gutenberg Post Grid Blocks ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks WowRevenue WowRevenue – Product Bundles & Bulk Discounts WowStore – Store Builder & Product Blocks for WooCommerce WowOptin
CVE IDTitleCVSSSeverityPublished
CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 5.3 Medium2026-04-16
CVE-2026-39700 WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability — WowOptinCWE-862 5.3 Medium2026-04-08
CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API — WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead GenerationCWE-918 7.2 High2026-03-21
CVE-2026-2579 WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter — WowStore – Store Builder & Product Blocks for WooCommerceCWE-89 7.5 High2026-03-17
CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead GenerationCWE-862 8.8 High2026-03-05
CVE-2026-1273 PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-918 7.2 High2026-03-04
CVE-2026-2001 WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation — WowRevenue – Product Bundles & Bulk DiscountsCWE-862 8.8 High2026-02-16
CVE-2025-69313 WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability — PostXCWE-862 7.5 High2026-01-22
CVE-2025-68606 WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability — PostXCWE-497 5.3 Medium2025-12-24
CVE-2025-12980 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 7.5 High2025-12-21
CVE-2025-55707 WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability — PostXCWE-266 7.2 High2025-12-18
CVE-2025-54751 WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability — PostXCWE-862 7.1 High2025-12-18
CVE-2025-62070 WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability — WowRevenueCWE-862 4.3 Medium2025-10-22
CVE-2025-39571 WordPress WowStore plugin <= 4.2.4 - Broken Access Control Vulnerability — WowStoreCWE-862 4.3 Medium2025-04-16
CVE-2025-31096 WordPress PostX plugin <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability — PostXCWE-79 6.5 Medium2025-03-28
CVE-2023-45271 WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability — WowStoreCWE-862 4.3 Medium2025-01-02
CVE-2024-53818 WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-12-09
CVE-2024-50513 WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 5.9 Medium2024-11-19
CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 8.8 High2024-11-16
CVE-2024-50443 WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-10-28
CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability — PostXCWE-862 5.4 Medium2024-06-09
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-862 8.8 High2024-05-30
CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostXCWE-79 6.4 Medium2024-05-30
CVE-2024-32564 WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability — PostXCWE-79 6.5 Medium2024-04-18
CVE-2024-23512 WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection — ProductX – WooCommerce Builder & Gutenberg WooCommerce BlocksCWE-502 8.7 High2024-02-12
CVE-2023-36385 WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) — PostX – Gutenberg Post Grid BlocksCWE-79 7.1 High2023-07-25

This page lists every published CVE security advisory associated with wpxpo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.