CVE-2025-12980: CWE-862 Missing Authorization in wpxpo Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.
AI Analysis
Technical Summary
CVE-2025-12980 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress. The flaw exists because the REST API endpoint '/ultp/v2/get_dynamic_content/' does not perform proper capability checks, allowing unauthenticated users to retrieve sensitive user metadata, including password hashes. This vulnerability affects all plugin versions up to and including 5.0.3. The lack of authorization checks means that any attacker can send requests to this endpoint without credentials or user interaction, making exploitation straightforward. The exposed data, particularly password hashes, can be used for offline cracking attempts, potentially leading to account compromise and further attacks on the affected WordPress sites. The CVSS v3.1 score of 7.5 reflects the high confidentiality impact and ease of exploitation. No patches or fixes are currently linked, and no known exploits have been reported in the wild, but the vulnerability's nature demands urgent attention. The plugin is widely used in news, magazine, and blog websites, which often contain sensitive user information and have high visibility, increasing the attractiveness of these targets to attackers.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of user data hosted on WordPress sites utilizing the PostX plugin. Exposure of password hashes can lead to credential theft, enabling attackers to escalate privileges, impersonate users, or pivot to other systems within the organization. Media and publishing companies, educational institutions, and any entities relying on WordPress for content management are particularly vulnerable. The breach of user metadata can also result in reputational damage, regulatory penalties under GDPR for inadequate data protection, and operational disruptions if attackers leverage compromised credentials for further attacks. The ease of exploitation without authentication or user interaction increases the likelihood of automated scanning and exploitation attempts, potentially leading to widespread compromise if not addressed promptly.
Mitigation Recommendations
1. Monitor official PostX plugin channels for security updates and apply patches immediately once available.
2. Until a patch is released, restrict access to the vulnerable REST API endpoint '/ultp/v2/get_dynamic_content/' by implementing web application firewall (WAF) rules or server-level access controls limiting requests to trusted IPs or authenticated users only.
3. Conduct an audit of user metadata and password hashes exposed to assess potential compromise and enforce password resets for affected accounts.
4. Employ rate limiting and anomaly detection on REST API endpoints to detect and block suspicious access patterns.
5. Harden WordPress installations by disabling unused REST API endpoints and plugins, and ensure the principle of least privilege is applied to user roles.
6. Educate site administrators about the risks of unauthorized REST API access and encourage regular security reviews of plugins and themes.
7. Implement multi-factor authentication (MFA) for WordPress admin accounts to reduce the impact of credential compromise.
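For the audit and detection steps (items 3 and 4), the following added example, which is not part of the original advisory or the plugin's code, scans web server access logs for successful requests to the endpoint and groups them by client IP. It assumes Combined Log Format and the default WordPress `/wp-json` REST prefix (plus the `?rest_route=` form used with plain permalinks); the log lines and IP addresses are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/ultp/v2/get_dynamic_content"  # endpoint named in the advisory
REST_PREFIX = "/wp-json"                # WordPress default (assumption: not customised)

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Dec/2025:10:01:02 +0000] "GET /wp-json/ultp/v2/get_dynamic_content/ HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [20/Dec/2025:10:01:05 +0000] "GET /?rest_route=%2Fultp%2Fv2%2Fget_dynamic_content%2F HTTP/1.1" 200 4096 "-" "curl/8.5.0"
198.51.100.9 - - [20/Dec/2025:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Dec/2025:10:03:00 +0000] "POST /wp-json/ultp/v2/get_dynamic_content/ HTTP/1.1" 403 150 "-" "python-requests/2.31"
"""

def hits_endpoint(target):
    """True if the request target reaches the PostX route, via the
    pretty-permalink path or the ?rest_route= query form."""
    parts = urlsplit(target)
    if (REST_PREFIX + ROUTE) in unquote(parts.path).lower():
        return True
    routes = parse_qs(parts.query).get("rest_route", [])  # parse_qs percent-decodes
    return any(r.lower().startswith(ROUTE) for r in routes)

def audit(lines):
    """Group 2xx responses from the endpoint by client IP."""
    # Non-2xx responses (e.g. blocked by a WAF rule) returned no data and are skipped.
    report = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        if not m["status"].startswith("2"):
            continue
        entry = report[m["ip"]]
        entry["count"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(report)

if __name__ == "__main__":
    for ip, e in audit(SAMPLE_LOG.splitlines()).items():
        print(ip, e["count"], e["bytes"], e["first"], e["last"])
```

Access logs do not record whether a caller was authenticated, so every 2xx hit on a site running version 5.0.3 or earlier should be treated as possible exposure when deciding which accounts need password resets.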
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-10T19:18:33.605Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69475fa78da8a612760a1abd
Added to database: 12/21/2025, 2:47:03 AM
Last enriched: 12/21/2025, 3:02:08 AM
Last updated: 12/21/2025, 5:06:51 AM