FastX WordPress Theme Missing Authorization Vulnerability Allows Unauthorized Plugin Installation and Activation

Vulnerability

A vulnerability exists in the FastX theme for WordPress, in all versions through 1.0.2, that allows unauthorized, limited plugin installation and activation. The issue arises from inadequate capability checks in the 'ultp_install_callback' and 'ultp_activate_callback' functions. As a result, authenticated attackers with Subscriber-level access or higher can install and activate the PostX plugin.
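
To find this class of flaw when reviewing a theme or plugin, the added example below (not FastX's own code, and not from the advisory) scans PHP source for wp_ajax_ hooks and flags callbacks whose body never calls current_user_can. The sample source, hook names and function names are constructed for illustration.

```python
import re

# Constructed sample, NOT FastX's real source: hook and function names are hypothetical.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_demo_install', 'demo_install_callback' );
add_action( 'wp_ajax_demo_activate', array( $this, 'demo_activate_callback' ) );
add_action( 'wp_ajax_demo_remote', 'demo_remote_callback' );

function demo_install_callback() {
    $slug = sanitize_key( $_POST['slug'] );
    if ( $slug ) { demo_do_install( $slug ); }
    wp_send_json_success();
}

function demo_activate_callback() {
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( null, 403 );
    }
    activate_plugin( 'demo/demo.php' );
    wp_send_json_success();
}
"""
# Matches add_action('wp_ajax_<action>', 'fn') and the array($this, 'fn') form.
HOOK_RE = re.compile(
    r"""add_action\(\s*['"]wp_ajax_(\w+)['"]\s*,\s*(?:array\([^)]*?,\s*)?['"](\w+)['"]""")

def function_body(src, name):
    """Brace-balanced body of PHP function `name`, or None (ignores braces in strings)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Map each wp_ajax_ callback to 'ok', 'missing-capability-check' or 'unresolved'."""
    result = {}
    for _action, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        if body is None:
            result[callback] = "unresolved"  # defined in another file
        elif re.search(r"\bcurrent_user_can\s*\(", body):
            result[callback] = "ok"
        else:
            result[callback] = "missing-capability-check"
    return result
```

An 'ok' result only means a current_user_can call is present; a reviewer still has to confirm the capability matches the action, such as install_plugins for installation and activate_plugins for activation.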

Impact

Exploitation of this vulnerability could lead to unauthorized installation and activation of plugins, potentially allowing malicious plugins to be used on the WordPress site.

Added: May 22, 2026, 5:21 AM
Updated: May 22, 2026, 5:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.9
remediation: 0.0
relevance: 8.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.