What the vulnerability does
Description
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation. This issue affects PostX: from n/a through <= 4.1.35.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
PostX versions up to 4.1.35 contain an improper access control vulnerability that allows high-privilege users to read, modify, or delete sensitive data and site functionality. The vulnerability requires administrator-level access to exploit and does not require user interaction. Sites running affected versions should update immediately to prevent unauthorized administrative actions.
What an attacker can do
Read, modify, or delete site data and functionality if they have administrator access.
Potential impact on your site
Administrators with compromised credentials can cause data loss, site defacement, or service disruption.
Conditions required to exploit
Attacker must have high-level administrative privileges on the site.
Key dates
External resources