CVE-2025-68606
WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerabilityExposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
We have discovered 5,393 live websites that are affected by CVE-2025-68606.
Affected Software
| Product |  Ultimate Post |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,393 live websites (85% of Ultimate Post install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 127 versions ( 98% of all versions) |
Details
- Published - Dec 24, 2025
- Updated - Jan 20, 2026
Credits
- Doan Dinh Van | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-68606 United States | 2,386 websites |
 Poland | 461 websites |
 Germany | 411 websites |
 France | 250 websites |
 GB | 168 websites |
 Cyprus | 139 websites |
 Spain | 138 websites |
 Italy | 120 websites |
 Netherlands | 97 websites |
 Japan | 84 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68606| .com | 2,577 websites |
| .pl | 396 websites |
| .org | 332 websites |
| .de | 207 websites |
| .net | 200 websites |
| .it | 104 websites |
| .fr | 103 websites |
| .co.uk | 96 websites |
| .nl | 93 websites |
| .jp | 77 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68606
Top websites that are affected by CVE-2025-68606. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| *********************.com | United States | **,*** | |
| *****.ca |  Canada | **,*** | |
| ***********.net | United States | **,*** | |
| *******.****.edu | United States | ***,*** | |
| ***.***.br |  Brazil | ***,*** | |
| ***************************.de | Germany | ***,*** | |
| ************.com | United States | ***,*** | |
| ***************.com | United States | ***,*** | |
| **************.com | Cyprus | ***,*** |
FAQ
A total of 5,393 websites have been identified as vulnerable to CVE-2025-68606, based on global website indexing conducted by WebTechSurvey.
The Ultimate Post is affected by the CVE-2025-68606 vulnerability.
Ultimate Post versions up to and including 5.0.3 are vulnerable to CVE-2025-68606.