A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installation Handler . Performing a manipulation results in missing authorization. This vulnerability is reported as CVE-2026-2518 . The attack is possible to be carried out remotely. No exploit exists.