Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

CVE-2026-1296

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

CVE-2025-13419 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...

PT-2026-1040

Name of the Vulnerable Software and Affected Versions WP User Frontend plugin for WordPress versions up to and including 4.2.4 Description The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress has an...

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.2...

CVE-2024-1123

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

Joomla! Component eventCal 1.6.4 - Blind SQL Injection

Founded by RoAdKiLlEr Team: Albanian Hacking Crew Contact: RoAdKiLlEratKhg-CrewdotWs Home: http://a-h-crew.net Download App:http://joomlacode.org/gf/project/eventcal/frs/ ==========ExPl0iT3d by RoAdKiLlEr========== +Description: eventCal is a calendar component for Joomla!. It enables you to...

FreeBSD : Joomla -- multiple vulnerabilities (1f935f61-075d-11db-822b-728b50d539a3)

Joomla Site reports : - Secured 'Remember Me' functionality against SQL injection attacks - Secured 'Related Items' module against SQL injection attacks - Secured 'Weblinks' submission against SQL injection attacks - Secured SEF from XSS vulnerability - Hardened frontend submission forms against...