CVE-2024-10728

Published November 16th, 2024

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

🥇 The #1 WordPress news, magazine, and blogging solution 📈 Highest post grid layout variations with enhanced customization 💕 A plugin by WPXPO, that empowers 65K+ businesses! 📞 Dedicated support team with 4.9/5 customer satisfaction on <a href="https://uk.trustpilot.com/review/wpxpo.com" rel="nofollow ugc">Trustpilot</a> 😲 <a href="https://trypostx.wpxpo.com/" rel="nofollow ugc">Free Demo</a> | 🔥 <a href="https://www.wpxpo.com/product/postx/" rel="nofollow ugc">PostX Pro</a> | 📃 <a href="https://www.wpxpo.com/product/postx/templates/" rel="nofollow ugc">Starter Templates</a> | 📦 <a href="https://www.wpxpo.com/product/postx/features/blocks/" rel="nofollow ugc">All Blocks</a> <h3>Ultimate Blog Website Builder for WordPress</h3> Create modern news, magazine, and blog websites with advanced Gutenberg blocks, ready-made site templates, dynamic grid layouts, and advanced post filtering – all without coding. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/FYgSe7kgb6M?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Key Features of PostX</h3> <ul> <li>Ready-to-import starter sites to launch full blog websites in minutes.</li> <li>45+ advanced Gutenberg blocks for creating dynamic, content-rich layouts.</li> <li>250+ ready-made pattern designs to speed up page creation.</li> <li>Site builder to create custom templates for posts, categories, tags, authors, etc.</li> <li>Query builder to display posts by category, tag, author, custom taxonomy, or custom logic.</li> <li>Advanced post filtering, search, and pagination with Ajax for seamless browsing.</li> <li>Dynamic content support to pull data from custom fields, post meta, and custom post types.</li> <li>Global style settings to control colors, typography, and more across the entire site.</li> <li>Multi-column layouts and templates to create custom headers, footers, and mega menus.</li> <li>Advanced blogging tools such as table of contents, frontend post submission, and more.</li> <li>Built-in AI (ChatGPT) and SEO plugins integration for content creation</li> <li>Seamless integration with popular page builders such as Elementor, Divi, etc.</li> <li>Use custom fonts, dark mode, and more design options</li> <li>Mobile device responsive design & multi-language support</li> <li>Performance optimized codebase</li> </ul> <h3>Starter Sites – Build Any Blog Website in 3 Steps!</h3> Launch a fully designed blog website in minutes. With PostX starter sites, you can select a premade site template, customize it to match your brand, and go live – no need to spend hours manually creating every page! 👉 Check out the <a href="https://www.wpxpo.com/product/postx/templates/" rel="nofollow ugc">Starter Site Templates!</a> With PostX, you can easily build: ✅ News Websites ✅ Magazine Websites ✅ Sports News Websites ✅ Tech News Websites ✅ Gaming News Websites ✅ Crypto News Websites ✅ Movie News Websites ✅ Travel Blog Websites ✅ Personal Blog Websites ✅ Food Blog Websites ✅ And More! 👉 Step-by-step guide on creating a news blog website in WordPress using PostX: <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/xbOsCVvx1a0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Gutenberg Blocks for Professional Blog Layouts</h3> Get all the essential blocks to build a professional blog website. PostX blocks help you organize and design blog pages that are unique and visually engaging. ✔ Post Grid: Showcase posts with 7+ cool grid layouts – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6829" rel="nofollow ugc">View Demo</a> ✔ Post List: Present content in structured list formats – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6836" rel="nofollow ugc">View Demo </a> ✔ Post Slider & Carousel: Highlight featured posts with interactive sliders – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid7487" rel="nofollow ugc">View Demo</a> ✔ Post Module: Display posts in structured, magazine-style layouts – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6825" rel="nofollow ugc">View Demo</a> ✔ Mega Menu: Create advanced navigation menus – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid8819" rel="nofollow ugc">View Demo</a> ✔ Row/Column Block: Build structured layouts easily – <a href="https://www.wpxpo.com/product/postx/features/row-column-block/" rel="nofollow ugc">View Demo</a> ✔ Image Block: Style images with advanced controls – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6843" rel="nofollow ugc">View Demo</a> ✔ News Ticker: Display trending posts dynamically – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6845" rel="nofollow ugc">View Demo</a> ✔ Search Block: Ajax search for better navigation – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid8233" rel="nofollow ugc">View Demo</a> ✔ Star Rating: Add rating systems to highlight content – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid8858" rel="nofollow ugc">View Demo</a> ✔ Accordion Block: Display expandable content sections – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid8851" rel="nofollow ugc">View Demo</a> ✔ Button Group: Stylish CTA buttons for more engagement – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid7952" rel="nofollow ugc">View Demo</a> ✔ Taxonomy Block: Categories and tags in engaging designs – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid6841" rel="nofollow ugc">View Demo</a> ✔ Image Gallery Block: Create visually rich image sections – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid8951" rel="nofollow ugc">View Demo</a> ✔ Tabs Block: Organize blocks under tabs for improved visual – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid9045" rel="nofollow ugc">View Demo</a> ✔ YouTube Gallery Block: Show video content in organized layouts – <a href="https://www.wpxpo.com/product/postx/features/blocks/#demoid9096" rel="nofollow ugc">View Demo</a> ✔ <a href="https://www.wpxpo.com/product/postx/features/blocks/#site-cat-builder" rel="nofollow ugc">More 20+</a> Dynamic builder block <h3>Dynamic Gutenberg Site Builder</h3> Design every part of your website exactly the way you want with PostX’s dynamic site builder. Create unique templates for specific pages to make them stand out – or maintain consistency with the same template. ✔ Diverse layouts for category and tag pages ✔ Cool designs for archive Pages ✔ Custom blog post templates ✔ Custom Search & date pages ✔ Custom 404 Not Found Pages ✔ Custom home page designs ✔ Custom author pages <a href="https://www.wpxpo.com/product/postx/features/gutenberg-site-builder/" rel="nofollow ugc">👉 More about the</a> Dynamic Site Builder <h3>Query Builder for Enhanced Content Display</h3> Choose exactly what content to show inside a section. Using the Quick Query feature, you can utilize advanced sorting options and customization options for maximum control over content display. Here is the list of essential post-displaying options: ✔ Display Posts Based on Category ✔ Display Posts Based on Tags ✔ Display Specific Posts/Pages ✔ Display Posts from Specific Authors ✔ Display Custom Post Types ✔ Popular Posts ✔ Random Posts ✔ Oldest Posts ✔ Most Commented Posts ✔ Top Posts of the Month ✔ All-time Favorites ✔ Alphabetical ASC ✔ Alphabetical DESC ✔ Reorder Posts ✔ Exclude Posts And a lot of other options! 👉 Learn about <a href="https://www.wpxpo.com/product/postx/features/advanced-query-builder/" rel="nofollow ugc">Query Builder</a> <h3>Advanced Post Filter</h3> Let users easily filter and find the posts they are looking for – without reloading the whole page. You have all essential post-filtering options, including: ✔ Filter By Ascending and Descending ✔ Filter By Custom Taxonomy ✔ Post Filter By Category ✔ Post Filter By Author ✔ Advanced Sort Filter ✔ Post Filter Tags ✔ Order By Filter ✔ Search Filter 👉 Details about <a href="https://www.wpxpo.com/product/postx/features/wordpress-post-filter/" rel="nofollow ugc">Advanced Post Filter</a> <h3>Ajax Pagination</h3> Keep users engaged with seamless Ajax-powered pagination that loads content instantly without refreshing the page. PostX offers multiple pagination styles so you can choose what fits your website. ✔ Load More pagination ✔ Numeric pagination ✔ Next/previous pagination 👉 Check out details for <a href="https://www.wpxpo.com/product/postx/features/ajax-pagination/" rel="nofollow ugc">Ajax Pagination</a> <h3>Enhanced Blogging Features</h3> Take your blog to the next level with advanced features designed to improve engagement, usability, and content management. <a href="https://www.wpxpo.com/product/postx/features/front-end-post-submission/" rel="nofollow ugc">Front End Post Submission</a> Allow writers to submit content directly from the front end without giving them access to the WordPress dashboard. Perfect for managing guest and freelance writers. Dynamic Content Pull data dynamically from any post type and display information such as post meta, custom fields, and more. <a href="https://www.wpxpo.com/product/postx/features/table-of-content-wordpress/" rel="nofollow ugc">Table of Contents</a> Add a structured table of contents to posts that improves readability and navigation – which also helps in SEO. <a href="https://www.wpxpo.com/product/postx/features/reading-progress-bar/" rel="nofollow ugc">Reading Progress Bar</a> Show a visual progress bar on posts to highlight how much the visitor has read or scrolled. You can also add the progress bar to any page of your WordPress site. <a href="https://www.wpxpo.com/product/postx/features/wordpress-taxonomy-image-and-color/" rel="nofollow ugc">Taxonomy Image & Color</a> Add featured images and desired colors to categories, tags, and custom post types – making the taxonomies more visually appealing. <h3>Header, Footer & Mega Menu Builder</h3> Improve your site’s navigation and direct visitors to highlighted sections of your site using fully customizable headers, footers, and mega menus. ✔ A wide library of premade header and footer templates ✔ Option to create different headers/footers for different pages ✔ Build advanced mega menus with rich layouts, images, and content Learn about: <a href="https://www.wpxpo.com/product/postx/features/mega-menu/" rel="nofollow ugc">PostX Mega menu</a> Learn about: <a href="https://www.wpxpo.com/product/postx/features/header-footer-builder/" rel="nofollow ugc">PostX Header & Footer</a> <h3>Premade Patterns</h3> Speed up your blog creation with a library of ready-made designs. Instead of building sections from scratch, choose from professionally designed layouts and customize them to fit your brand. Check out the live demo of <a href="https://www.wpxpo.com/product/postx/features/patterns/" rel="nofollow ugc">Premade Patterns.</a> <h3>Blog Design & Customization</h3> Control the aesthetics of your entire blog effortlessly. Create a unique and consistent brand identity with global settings while having block-level control over designs. Block-level Settings Fine-tune every part of your blog layout with powerful styling controls built directly into each block. Easily switch between different layout variations, customize individual elements like title, image, meta, taxonomy, excerpt, and more. <a href="https://www.wpxpo.com/product/postx/features/wordpress-global-styles/" rel="nofollow ugc">Global Styles</a> Choose the colors and typography that you prefer and apply them globally across your website for a consistent look and feel. <a href="https://www.wpxpo.com/product/postx/features/custom-fonts-for-wordpress/" rel="nofollow ugc">Custom Fonts</a> Upload and use custom fonts that align with your brand guidelines. Use them with single or multiple variations – and use them inside PostX’s blocks with full typography customization options. Dark Mode & RTL Support Give your readers a modern, eye-friendly experience with a built-in Light/Dark mode toggle. Also, we provide RTL support, which ensures a seamless reading experience for users who prefer right-to-left languages. <h3>Integrations & Compatibility</h3> PostX works seamlessly with your favorite tools and enhances your blog management workflow. AI Integration Integrate with your ChatGPT account to easily create and optimize content directly inside WordPress. Gutenberg Blocks in Page Builders Love the comfort of your favorite page builders? Easily use Gutenberg blocks and any PostX-created designs directly inside popular page builders such as: ✔ Elementor ✔ Divi ✔ WPBakery ✔ Oxygen ✔ Bricks Builder ✔ Beaver Design and reuse any set of designs with the help of the <a href="https://www.wpxpo.com/product/postx/features/saved-template/" rel="nofollow ugc">Saved Template</a> feature of PostX. <h3>SEO Plugins Support</h3> Fully compatible with major SEO plugins like Rank Math, Yoast, All-in-One SEO, Squirrly, SEOPress and others to display custom meta descriptions easily inside content. <h3>PostX Recommended Themes</h3> PostX should work properly with all popular WordPress themes. We have personally tested with various themes. Here is a list of themes that are fully compatible with PostX. ✔ Twenty Twenty-Five ✔ Astra ✔ Blocksy ✔ Kadence ✔ Generatepress ✔ Rishi Theme ✔ Neve ✔ Ocean WP ✔ Blossom Theme ✔ Block WP <h3>Upcoming Features</h3> <ul> <li>Dynamic Image Generation</li> <li>Infinite Scroll</li> <li>Icon Block</li> <li>Instagram Blocks</li> <li>Countdown Timer Blocks</li> </ul> Have a cool idea for a feature? Let us know: <a href="https://www.wpxpo.com/product/postx/roadmap/" rel="nofollow ugc">Request a feature</a> <h3>Recommended by the WordPress Experts</h3> Check out what Paul C (WPTuts) had to say about PostX. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/fh72g1wPVa0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> Check out the video of Jack Cao and learn how to create a News Magazine Website for free. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/X4vKrjcSpI8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> Check out how Alyssa creates a complete news website in minutes using PostX. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/s9w8Mt34_AQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Translations</h3> PostX plugin is compatible with WPML Plugin and also it works perfectly with loco translate plugin. You can Translate PostX on <a href="https://translate.wordpress.org/projects/wp-plugins/ultimate-post/" rel="nofollow ugc">translate.wordpress.org</a>. <h3>Liked PostX?</h3> <ul> <li>Join our <a href="https://www.facebook.com/groups/gutenbergpostx" rel="nofollow ugc">Facebook Group</a>.</li> <li>Learn from our tutorials on <a href="https://www.youtube.com/channel/UC9I7kzTtG31YlWdG3iL42Jg" rel="nofollow ugc">YouTube Channel</a>.</li> </ul> <h3>Author</h3> Developed by <a href="https://www.wpxpo.com" rel="nofollow ugc">WPXPO</a>. <a href="https://bitbucket.org/wpstabon/ultimate-post/src/master/" rel="nofollow ugc">Contribute to Gutenberg Post Blocks on Bitbucket</a> and join the party. <h3>Other Plugins by WPXPO</h3> We are glad that you are considering PostX. We have more amazing plugins that you can check out: 📄 <a href="https://wordpress.org/plugins/wow-pdf-invoices-packing-slips/" rel="ugc">WowInvoice 🔥:</a> A comprehensive PDF invoices & packing slips plugin for WooCommerce that automates documents like invoices, packing slips, and picklists. 🚚 <a href="https://wordpress.org/plugins/wow-table-rate-shipping/" rel="ugc">WowShipping 🔥:</a> The complete table rate shipping plugin for WooCommerce, featuring 30+ flexible conditions and integrations with popular carriers like UPS, USPS, DHL, Sendle, and more. ➕ <a href="https://wordpress.org/plugins/product-addons/" rel="ugc">WowAddons 🔥 :</a> The ultimate product addons plugin with 25+ extra product options, custom fields, allowing you to sell customizable products and increase average order v

WordPress Plugin Directory

2.89M