CVE-2026-1296

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

CVE-2026-1296

CVE-2026-1296: Frontend Post Submission Manager Lite for WordPress is vulnerable to an unauthenticated Open Redirect in all versions up to 1.2.7 due to insufficient validation of the 'requested_page' POST parameter in the verify_username_password function. This allows attackers to induce users to...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.5...

CVE-2025-14913

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...

CVE-2025-14913

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...

CVE-2025-14913

CVE-2025-14913 affects the Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin. It allows unauthenticated attackers to delete arbitrary attachments due to an incorrect authorization check in the media_delete_action function, affecting all versions up to 1.2.6. CVSS 3.1 base ...

CVE-2025-14913 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.6...

PT-2025-53417

Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6 Description The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check...

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

PT-2025-52576

Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin versions through 1.2.5 Description The Frontend Post Submission Manager Lite plugin for WordPress has an issue where authorization checks are missing on the post update functionality within the fpsm...

EUVD-2025-8190

Malicious code in bioql PyPI...

CVE-2022-4946

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

CVE-2025-23638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post Submission: from n/a through = 1.0...

CVE-2025-23638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post Submission: from n/a through = 1.0...

CVE-2025-23638 WordPress Frontend Post Submission plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post Submission: from n/a through = 1.0...

CVE-2025-23638 WordPress Frontend Post Submission plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post Submission: from n/a through = 1.0...

CVE-2025-23638

CVE-2025-23638 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Frontend Post Submission (notFound frontend post submission), affecting versions from n/a up to and including 1.0. It is a NotFound variant noted in initial records and is classified as High severity (C...

WordPress plugin Frontend Post Submission 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...