Lucene search
K

1246 matches found

NVD
NVD
added 2026/07/01 7:16 a.m.9 views

CVE-2026-11570

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

4.2CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11570

CVE-2026-11570 affects the User Submitted Posts WordPress plugin prior to 20260608, where an input value is not escaped before being output in an admin-configured display template, allowing unauthenticated users to trigger a Stored XSS when a non-default display option is enabled. The issue is de...

4.2CVSS5.7AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.41 views

CVE-2026-11570 User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

0.00137EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: can: usb8dev: usb8devreadbulkcallback: fixed the URB memory leak. The memory leak was fixed in a similar manner to that in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed the URB memory leak”. In usb8devopen -...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: can: esdusb: esdusbreadbulkcallback: fixed the URB memory leak. The memory leak was fixed in a similar manner to the issue in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed the URB memory leak”. In esdusbopen, t...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 6:16 a.m.12 views

CVE-2026-2725

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 5:32 a.m.22 views

CVE-2026-2725

Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...

6CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Gerrit 安全漏洞

Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40576

Name of the Vulnerable Software and Affected Versions Gerrit versions 2.12 and later Description Incorrect authorization in the "submitted together" feature allows an authenticated attacker with force push permissions on a secondary branch to bypass code review. This is achieved by using a crafte...

6CVSS6AI score0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:29 a.m.8 views

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS6AI score0.00519EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/03/10 2:52 p.m.4 views

CVE-2026-3862

Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.7 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 9:25 a.m.3 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 9:25 a.m.14 views

CVE-2026-2126

CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/18 9:25 a.m.35 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 9:25 a.m.4 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20377

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the usp get submitted category function accepting user-submitted category IDs from the POST body...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.17 views

WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/02/09 8:27 a.m.26 views

User Submitted Posts <= 20251121 - Unauthenticated Open Redirect

The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...

4.7CVSS5.5AI score0.00475EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/05 12:25 a.m.7 views

SUSE CVE-2026-23075

In the Linux kernel, the following vulnerability has been resolved: can: esdusb: esdusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In esdusbopen, the URBs for USB-in transfers are allocated,...

5.5CVSS5.1AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder