Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Security & Risk Analysis

wordpress.org/plugins/ultimate-post

A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.

40K active installs · v5.0.15 · PHP 5.6+ · WP 5.0+ · Updated Apr 15, 2026

Tags: ajax-filter, post-filter, post-grid, post-list, post-slider

Score: 88 · A · Safe
CVEs total: 24
Unpatched: 0
Last CVE: Apr 15, 2026
Safety Verdict

Is Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Safe to Use in 2026?

Generally Safe

Score 88/100

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

24 known CVEs · Last CVE: Apr 15, 2026 · Updated 1mo ago
Risk Assessment

The 'ultimate-post' plugin version 5.0.11 presents a mixed security posture. While it demonstrates good practices such as extensive use of prepared statements for SQL queries (95%) and a high rate of proper output escaping (84%), significant concerns arise from its attack surface. A large number of entry points, specifically 34 out of 52, lack proper authentication or permission checks. This includes a substantial portion of its REST API routes (31 without permission callbacks) and several AJAX handlers (3 without auth checks), creating numerous potential avenues for unauthorized access and exploitation.

The historical vulnerability data is a major red flag: 23 known CVEs, 6 of them high severity. The common vulnerability types (SSRF, Information Exposure, Improper Privilege Management, Missing Authorization, and XSS) correlate directly with the weaknesses identified in the static analysis, particularly the lack of robust authorization checks on entry points. The most recent vulnerability dates from March 2026 and is marked as unpatched, which contradicts the '0 unpatched' data point and suggests either a data inconsistency or a vulnerability that has already been accounted for; either way, it indicates a recurring pattern of security flaws in the plugin. While the current static analysis did not reveal critical taint flows or dangerous functions, the historical context and the exposed attack surface are serious indicators of potential risk.

In conclusion, despite some commendable secure coding practices, the 'ultimate-post' plugin has a history of significant security issues and possesses a large, unprotected attack surface. This combination makes it a high-risk plugin that requires immediate attention. Developers should prioritize auditing and securing all AJAX handlers and REST API routes, and users should be extremely cautious when deploying this version.

Key Concerns

  • Large attack surface without authorization
  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High number of historical CVEs
  • High severity historical CVEs
  • Common vulnerability types indicating authorization issues
  • Recent vulnerability detected
Vulnerabilities
24 published

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Security Vulnerabilities

CVEs by Year

  • 2021: 4 CVEs
  • 2023: 2 CVEs
  • 2024: 10 CVEs
  • 2025: 5 CVEs
  • 2026: 3 CVEs

Severity Breakdown

  • High: 6
  • Medium: 18

24 total CVEs

CVE-2026-0718 · medium · 5.3 · Missing Authorization
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification
Apr 15, 2026 · Patched in 5.0.6 (1d)

CVE-2026-1273 · high · 7.2 · Server-Side Request Forgery (SSRF)
PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints
Mar 3, 2026 · Patched in 5.0.9 (1d)

CVE-2025-69313 · medium · 5.3 · Missing Authorization
PostX <= 5.0.3 - Missing Authorization
Jan 19, 2026 · Patched in 5.0.4 (10d)

CVE-2025-68606 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
PostX <= 5.0.3 - Unauthenticated Information Exposure
Dec 21, 2025 · Patched in 5.0.4 (17d)

CVE-2025-12980 · high · 7.5 · Missing Authorization
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
Dec 20, 2025 · Patched in 5.0.4 (1d)

CVE-2025-54751 · medium · 4.3 · Missing Authorization
PostX <= 4.1.36 - Missing Authorization
Sep 2, 2025 · Patched in 4.1.37 (109d)

CVE-2025-55707 · high · 7.2 · Improper Privilege Management
PostX <= 4.1.35 - Authenticated (Editor+) Privilege Escalation
Aug 29, 2025 · Patched in 4.1.36 (114d)

CVE-2025-31096 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX <= 4.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 28, 2025 · Patched in 4.1.26 (6d)

CVE-2024-53818 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Dec 2, 2024 · Patched in 4.1.16 (11d)

CVE-2024-10728 · high · 8.8 · Missing Authorization
PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation
Nov 15, 2024 · Patched in 4.1.17 (1d)

CVE-2024-50513 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX <= 4.1.15 - Authenticated (Author+) Stored Cross-Site Scripting
Oct 28, 2024 · Patched in 4.1.16 (46d)

CVE-2024-50443 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX <= 4.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Oct 24, 2024 · Patched in 4.1.13 (7d)

CVE-2024-5223 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting
May 29, 2024 · Patched in 4.1.2 (2d)

CVE-2024-5326 · high · 8.8 · Missing Authorization
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
May 29, 2024 · Patched in 4.1.3 (1d)

CVE-2024-4305 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
May 27, 2024 · Patched in 4.1.0 (18d)

CVE-2024-3239 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 22, 2024 · Patched in 4.0.2 (4d)

CVE-2024-32564 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 16, 2024 · Patched in 4.0.2 (9d)

CVE-2024-31246 · medium · 4.3 · Incorrect Authorization
PostX – Gutenberg Blocks for Post Grid <= 3.2.3 - Incorrect Authorization
Apr 5, 2024 · Patched in 3.2.4 (7d)

CVE-2023-3992 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX - Gutenberg Post Grid Blocks <= 3.0.5 - Reflected Cross-Site Scripting via 'postx_type'
Aug 2, 2023 · Patched in 3.0.6 (174d)

CVE-2023-36385 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting
Jun 23, 2023 · Patched in 2.9.10 (214d)

CVE-2021-24659 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Aug 26, 2021 · Patched in 2.4.10 (880d)

CVE-2021-24660 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Stored Cross-Site Scripting
Aug 26, 2021 · Patched in 2.4.10 (880d)

CVE-2021-24661 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor
PostX Gutenberg Blocks Saved Templates Addon <= 2.4.9 - Private Content Disclosure
Aug 26, 2021 · Patched in 2.4.10 (880d)

CVE-2021-24652 · medium · 6.5 · Incorrect Authorization
PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls
Aug 17, 2021 · Patched in 2.4.10 (889d)

Version History

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (21 prepared)
Unescaped Output: 81 (433 escaped)
Nonce Checks: 19
Capability Checks: 56
File Operations: 4
External Requests: 11
Bundled Libraries: 0

SQL Query Safety

95% prepared (22 total queries)

Output Escaping

84% escaped (514 total outputs)
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
wizard_site_status_callback (classes\Dashboard.php:398)
Attack Surface
34 unprotected

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Attack Surface

Entry Points: 52
Unprotected: 34

AJAX Handlers 17

auth · wp_ajax_ultp_next_prev · classes\Blocks.php:27
nopriv · wp_ajax_ultp_next_prev · classes\Blocks.php:28
auth · wp_ajax_ultp_filter · classes\Blocks.php:30
nopriv · wp_ajax_ultp_filter · classes\Blocks.php:31
auth · wp_ajax_ultp_adv_filter · classes\Blocks.php:33
nopriv · wp_ajax_ultp_adv_filter · classes\Blocks.php:34
auth · wp_ajax_ultp_pagination · classes\Blocks.php:36
nopriv · wp_ajax_ultp_pagination · classes\Blocks.php:37
auth · wp_ajax_ultp_share_count · classes\Blocks.php:39
nopriv · wp_ajax_ultp_share_count · classes\Blocks.php:40
auth · wp_ajax_ultp_get_nonce · classes\Blocks.php:41
nopriv · wp_ajax_ultp_get_nonce · classes\Blocks.php:42
auth · wp_ajax_ultp_deactive_plugin · classes\Deactive.php:38
auth · wp_ajax_install_required_plugin · classes\Importer.php:33
auth · wp_ajax_disable_google_font · classes\Styles.php:31
auth · wp_ajax_ultp_deactive_plugin · includes\deactive\class-deactive.php:30
auth · wp_ajax_ultp_install_plugin · includes\durbin\class-our-plugins.php:15

REST API Routes 32

GET /wp-json/ultp/v2/get_single_premade/ · addons\builder\RequestAPI.php:33
GET /wp-json/ultp/v2/condition/ · addons\builder\RequestAPI.php:47
GET /wp-json/ultp/v2/condition_save/ · addons\builder\RequestAPI.php:61
GET /wp-json/ultp/v2/data_builder/ · addons\builder\RequestAPI.php:75
GET /wp-json/ultp/v2/get_dynamic_content/ · addons\dynamic_content\includes\DCController.php:31
GET /wp-json/ultp/v2/get_custom_fields/ · addons\dynamic_content\includes\DCController.php:99
GET /wp-json/ultp/v2/fetch_premade_data/ · classes\Caches.php:38
GET /wp-json/ultp/v2/addon_block_action/ · classes\Dashboard.php:42
GET /wp-json/ultp/v2/save_plugin_settings/ · classes\Dashboard.php:56
GET /wp-json/ultp/v2/get_all_settings/ · classes\Dashboard.php:70
GET /wp-json/ultp/v2/dashborad/ · classes\Dashboard.php:84
GET /wp-json/ultp/v2/wizard_site_status/ · classes\Dashboard.php:98
GET /wp-json/ultp/v2/send_initial_plugin_data/ · classes\Dashboard.php:112
GET /wp-json/ultp/v2/initial_setup_complete/ · classes\Dashboard.php:126
GET /wp-json/ultp/v2/template_action/ · classes\Dashboard.php:141
GET /wp-json/ultp/v3/single_page_import/ · classes\Importer.php:44
GET /wp-json/ultp/v3/deletepost_getnewsletters/ · classes\Importer.php:58
GET /wp-json/ultp/v3/starter_import_content/ · classes\Importer.php:72
GET /wp-json/ultp/v3/starter_dummy_post/ · classes\Importer.php:86
GET /wp-json/ultpcommon_data · classes\REST_API.php:39
GET /wp-json/ultp/fetch_posts/ · classes\REST_API.php:51
GET /wp-json/ultp/specific_taxonomy/ · classes\REST_API.php:65
GET /wp-json/ultp/v1/search/ · classes\REST_API.php:79
GET /wp-json/ultp/v2/premade_wishlist_save/ · classes\REST_API.php:93
GET /wp-json/ultp/ultp_search_data/ · classes\REST_API.php:107
GET /wp-json/ultp/v2/custom_tax/ · classes\REST_API.php:118
GET /wp-json/ultp/v2/init_site_dark_logo/ · classes\REST_API.php:132
GET /wp-json/ultp/v2/get_ultp_image_size/ · classes\REST_API.php:146
GET /wp-json/ultp/v1/save_block_css/ · classes\Styles.php:49
GET /wp-json/ultp/v1/get_other_post_content/ · classes\Styles.php:63
GET /wp-json/ultp/v1/action_option/ · classes\Styles.php:77
GET /wp-json/ultp/v1/postx_presets/ · classes\Styles.php:91

Shortcodes 3

[gutenberg_post_blocks] addons\templates\Shortcode.php:8
[postx_template] addons\templates\Shortcode.php:9
[postx_wpbakery_widget] addons\wpbakery\wpbakery.php:11
WordPress Hooks 124

action · init · addons\beaver_builder\init.php:10
action · init · addons\bricks_builder\init.php:11
action · init · addons\builder\blocks\Advance_Post_Meta.php:8
action · init · addons\builder\blocks\Archive_Title.php:8
action · init · addons\builder\blocks\Author_Box.php:8
action · init · addons\builder\blocks\Next_Previous.php:8
action · init · addons\builder\blocks\Post_Author_Meta.php:8
action · init · addons\builder\blocks\Post_Breadcrumb.php:8
action · init · addons\builder\blocks\Post_Category.php:8
action · init · addons\builder\blocks\Post_Comments.php:8
action · init · addons\builder\blocks\Post_Comment_Count.php:8
action · init · addons\builder\blocks\Post_Content.php:8
action · init · addons\builder\blocks\Post_Date_Meta.php:8
action · init · addons\builder\blocks\Post_Excerpt.php:8
action · init · addons\builder\blocks\Post_Featured_Image.php:8
action · init · addons\builder\blocks\Post_Reading_Time.php:8
action · init · addons\builder\blocks\Post_Social_Share.php:8
action · init · addons\builder\blocks\Post_Tag.php:8
action · init · addons\builder\blocks\Post_Title.php:8
action · init · addons\builder\blocks\Post_View_Count.php:8
action · wp · addons\builder\Builder.php:17
filter · template_include · addons\builder\Builder.php:18
action · add_meta_boxes · addons\builder\Builder.php:19
action · save_post · addons\builder\Builder.php:20
action · save_post · addons\builder\Builder.php:21
action · delete_post · addons\builder\Builder.php:22
action · load-post-new.php · addons\builder\Builder.php:23
action · wp_head · addons\builder\Builder.php:45
action · astra_header · addons\builder\Builder.php:50
action · get_header · addons\builder\Builder.php:53
action · wp_footer · addons\builder\Builder.php:68
action · astra_footer · addons\builder\Builder.php:73
action · generate_footer · addons\builder\Builder.php:78
action · get_footer · addons\builder\Builder.php:81
action · init · addons\builder\init.php:4
action · rest_api_init · addons\builder\RequestAPI.php:23
action · init · addons\chatgpt\init.php:4
filter · ultp_settings · addons\chatgpt\init.php:7
action · add_meta_boxes · addons\custom_font\Custom_Font.php:9
action · save_post · addons\custom_font\Custom_Font.php:10
filter · manage_ultp_custom_font_posts_columns · addons\custom_font\Custom_Font.php:11
action · manage_ultp_custom_font_posts_custom_column · addons\custom_font\Custom_Font.php:12
filter · upload_mimes · addons\custom_font\Custom_Font.php:13
filter · wp_check_filetype_and_ext · addons\custom_font\Custom_Font.php:14
filter · enter_title_here · addons\custom_font\Custom_Font.php:15
action · init · addons\custom_font\init.php:4
action · et_builder_ready · addons\divi\divi.php:2
filter · et_builder_enable_classic_editor · addons\divi\init.php:13
action · init · addons\divi\init.php:19
action · rest_api_init · addons\dynamic_content\includes\DCController.php:27
action · init · addons\dynamic_content\init.php:11
action · elementor/widgets/register · addons\elementor\Elementor.php:20
action · elementor/frontend/before_enqueue_scripts · addons\elementor\Elementor.php:21
action · elementor/frontend/after_enqueue_styles · addons\elementor\Elementor.php:22
action · plugins_loaded · addons\elementor\init.php:4
action · init · addons\oxygen\init.php:11
filter · rank_math/researches/toc_plugins · addons\table_of_content\init.php:4
action · init · addons\templates\init.php:4
action · admin_head · addons\templates\Saved_Templates.php:12
action · load-post-new.php · addons\templates\Saved_Templates.php:13
filter · manage_ultp_templates_posts_columns · addons\templates\Saved_Templates.php:14
action · manage_ultp_templates_posts_custom_column · addons\templates\Saved_Templates.php:15
action · init · addons\wpbakery\init.php:12
action · init · blocks\Advanced_Filter.php:107
action · init · blocks\Advanced_List.php:8
action · init · blocks\Advanced_Search.php:9
action · init · blocks\Button.php:8
action · init · blocks\Dark_Light.php:9
action · init · blocks\Heading.php:9
action · init · blocks\Image.php:9
action · init · blocks\News_Ticker.php:9
action · init · blocks\Post_Grid_1.php:8
action · init · blocks\Post_Grid_2.php:10
action · init · blocks\Post_Grid_3.php:10
action · init · blocks\Post_Grid_4.php:10
action · init · blocks\Post_Grid_5.php:8
action · init · blocks\Post_Grid_6.php:10
action · init · blocks\Post_Grid_7.php:10
action · init · blocks\Post_List_1.php:9
action · init · blocks\Post_List_2.php:10
action · init · blocks\Post_List_3.php:9
action · init · blocks\Post_List_4.php:10
action · init · blocks\Post_Module_1.php:10
action · init · blocks\Post_Module_2.php:10
action · init · blocks\Post_Slider_1.php:9
action · init · blocks\Post_Slider_2.php:10
action · init · blocks\Taxonomy.php:9
action · init · blocks\Youtube_Gallery.php:10
action · wp_enqueue_scripts · blocks\Youtube_Gallery.php:11
action · rest_api_init · classes\Caches.php:28
action · admin_init · classes\Compatibility.php:29
action · revisionary_copy_postmeta · classes\Compatibility.php:32
action · rest_api_init · classes\Dashboard.php:32
action · admin_footer · classes\Deactive.php:36
action · rest_api_init · classes\Importer.php:34
filter · admin_body_class · classes\Initialization.php:39
filter · body_class · classes\Initialization.php:40
action · wp · classes\Initialization.php:42
action · after_setup_theme · classes\Initialization.php:43
filter · block_categories_all · classes\Initialization.php:44
filter · safe_style_css · classes\Initialization.php:46
filter · wp_kses_allowed_html · classes\Initialization.php:47
action · enqueue_block_editor_assets · classes\Initialization.php:49
action · admin_enqueue_scripts · classes\Initialization.php:50
action · activated_plugin · classes\Initialization.php:52
action · admin_init · classes\Options.php:32
action · admin_menu · classes\Options.php:33
action · in_admin_header · classes\Options.php:34
filter · plugin_row_meta · classes\Options.php:35
action · rest_api_init · classes\REST_API.php:29
action · rest_api_init · classes\Styles.php:30
action · admin_init · classes\Styles.php:33
action · admin_init · classes\Styles.php:34
action · wp_enqueue_scripts · classes\Styles.php:35
filter · render_block · classes\Styles.php:36
action · ultp_enqueue_postx_block_css · classes\Styles.php:37
action · after_delete_post · classes\Styles.php:39
filter · template_include · classes\Templates.php:29
filter · theme_page_templates · classes\Templates.php:30
action · admin_footer · includes\deactive\class-deactive.php:28
action · admin_notices · includes\notice\class-notice.php:34
action · admin_init · includes\notice\class-notice.php:35
action · rest_api_init · includes\notice\class-notice.php:38
action · init · ultimate-post.php:25

Maintenance & Trust

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 5.6
Downloads: 2.7M

Community Trust

Rating: 96/100
Number of ratings: 246
Active installs: 40K

Developer Profile

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX Developer Profile

WPXPO

9 plugins · 51K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 137 days
Detection Fingerprints

How We Detect Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-post/assets/css/frontend.css
/wp-content/plugins/ultimate-post/assets/js/frontend.js
Script Paths
/wp-content/plugins/ultimate-post/assets/js/frontend.js
Version Parameters
ultimate-post/assets/css/frontend.css?ver=
ultimate-post/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ultp-builderid-ultp-block
Data Attributes
data-ultp-block-id
JS Globals
ULTP
ultp_data
REST Endpoints
/wp-json/ultp/v1/get_posts
Shortcode Output
[ultp_posts]
[ultp_author_box]

FAQ

Frequently Asked Questions about Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX