175 matches found
CVE-2026-5797
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...
CVE-2026-2126
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126
CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
PT-2026-20377
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the usp get submitted category function accepting user-submitted category IDs from the POST body...
WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...
WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability
WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin = 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability discovered by Balamurugan R in WordPress Plugin User Submitted Posts versions = 20251210...
CVE-2026-0800
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0800
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-0800
CVE-2026-0800 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The vulnerability is an unauthenticated Stored Cross-Site Scripting via custom fields, exploitable on pages that render an injected field. All versions up to and including 20251210...
CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin User Submitted Posts cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-0913
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2026-0913
CVE-2026-0913 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End. It enables Stored Cross-Site Scripting via the usp_access shortcode due to insufficient input sanitization/output escaping on user-supplied attributes. Valid for all versions up to a...
CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...