CVE-2026-11570
Summary (CVE-2026-11570): The WordPress plugin User Submitted Posts (pre-20260608) does not escape a submitted value before rendering it in an admin-configured display template, causing a stored XSS flaw. The issue can be triggered by unauthenticated users when a non-default display option is ena...