Lucene search
K

178 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-11570

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

4.2CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-11570

CVE-2026-11570 affects the User Submitted Posts WordPress plugin prior to 20260608, where an input value is not escaped before being output in an admin-configured display template, allowing unauthenticated users to trigger a Stored XSS when a non-default display option is enabled. The issue is de...

4.2CVSS5.7AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-11570 User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:29 a.m.7 views

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS6AI score0.00519EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.7 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 9:25 a.m.3 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 9:25 a.m.4 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 9:25 a.m.34 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 9:25 a.m.14 views

CVE-2026-2126

CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.17 views

WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20377

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the usp get submitted category function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/02/09 8:27 a.m.7 views

User Submitted Posts <= 20251121 - Unauthenticated Open Redirect

The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...

4.7CVSS5.5AI score0.00475EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/26 7:9 a.m.7 views

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin = 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability discovered by Balamurugan R in WordPress Plugin User Submitted Posts versions = 20251210...

7.2CVSS5.9AI score0.00213EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.11 views

CVE-2026-0800

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.3 views

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 8:26 a.m.3 views

CVE-2026-0800

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00213EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 8:26 a.m.29 views

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/01/24 8:26 a.m.19 views

CVE-2026-0800

CVE-2026-0800 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The vulnerability is an unauthenticated Stored Cross-Site Scripting via custom fields, exploitable on pages that render an injected field. All versions up to and including 20251210...

7.2CVSS5.8AI score0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.7 views

WordPress plugin User Submitted Posts cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.7AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/17 9:15 a.m.10 views

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

6.4CVSS5AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder