MEDIUM
wpxpo
CVE published 2026-05-22
CVE-2026-2518
CVE-2026-2518 is an authorization weakness in the FastX WordPress theme. Because the theme’s ultp_install_callback and ultp_activate_callback functions lack capability checks, authenticated users with Subscriber-level access and above can install and activate the PostX plugin. The issue affects FastX versions up to and including 1.0.2 and is rated Medium severity (CVSS 4.3).