What the vulnerability does
01Description
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
What the vulnerability does
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.
Explanation of Vulnerability in Simple Terms
PostX versions up to 4.1.36 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change data belonging to other users or restricted areas of the site. The vulnerability requires a valid login but no special interaction from victims.
What an attacker can do
Modify or alter content and data belonging to other users or restricted site areas.
Potential impact on your site
Any registered user can alter posts, settings, or data they should not be able to edit, risking data integrity and unauthorized changes.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges on the site.
Key dates
External resources
Related vulnerabilities