Lucene search
+L

6 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 10:19 p.m.25 views

formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/29 7:3 p.m.39 views

CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

8.7CVSS0.00311EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 9:25 a.m.35 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS0.00345EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/17 9:15 a.m.11 views

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

6.4CVSS5AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/30 12:0 a.m.6 views

WordPress User Submitted Posts plugin open to redirection vulnerability

WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...

6.1CVSS6.8AI score0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

WordPress plugin User Submitted Posts 安全漏洞

WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...

4.7CVSS6.7AI score0.00475EPSS
Exploits0References1
Rows per page
Query Builder