Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PostX plugin for WordPress lets attackers change post sharing counts
CVE-2026-0718
Summary
The PostX plugin for WordPress allows attackers to change how many times posts are shared, even if they're private or in draft mode. This could be used to manipulate post popularity or spread misinformation. Update to the latest version of the plugin to fix this issue.
Original title
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_share...
Original description
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026