CVE-2024-10728

HIGH

PostX < 4.1.16 - Authenticated Arbitrary Plugin Installation via Missing Capability Check

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-10728. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept exploit for CVE-2024-10728, demonstrating unauthorized plugin installation/activation in PostX <= 4.1.16 due to missing capability checks. The PoC includes a crafted HTTP request with a valid nonce to exploit the vulnerability.

Description

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-10728

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.16
Auth required: yes
Prerequisites: Authenticated access with Subscriber-level privileges or higher · Valid nonce from the target WordPress instance
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.3649
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
wpxpo/Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX < 4.1.16
wpxpo/postx < 4.1.17
Published Nov 16, 2024
Tracked Since Feb 18, 2026