83 matches found

Positive Technologies
added 2025/04/03 12:0 a.m. · 3 views

PT-2025-14601 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress versions up to, and including, 20240319
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input...

CVSS 4.4 · AI score 5.1 · EPSS 0.00207
Exploits 0 · References 7

Patchstack
added 2024/07/15 2:40 a.m. · 6 views

WordPress User Submitted Posts plugin < 20240516 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin User Submitted Posts versions 20240516...

CVSS 4.8 · AI score 6.1 · EPSS 0.00423
Exploits 1 · References 1 · Affected Software 1

Patchstack
added 2024/07/15 12:0 a.m. · 12 views

WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)

Software: User Submitted Posts · Type: Plugin · Vulnerable versions: < 20240516 · Fixed in: 20240516 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-5002 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: b741c5e1dcda · Credits: Guido Iván Garc...

CVSS 4.8 · AI score 5.8 · EPSS 0.00423
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/07/13 6:15 a.m. · 2 views

CVE-2024-5002

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

Cvelist
added 2024/07/13 6:0 a.m. · 19 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00423
Exploits 1 · References 1

Vulnrichment
added 2024/07/13 6:0 a.m. · 12 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

NVD
added 2024/03/26 9:15 a.m. · 14 views

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901...

CVSS 6.5 · AI score 6.4 · EPSS 0.00339
Exploits 0 · References 1

Cvelist
added 2024/03/26 8:40 a.m. · 20 views

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901...

CVSS 6.5 · AI score 6.6 · EPSS 0.00339
Exploits 0 · References 1

CVE
added 2024/03/26 8:40 a.m. · 42 views

CVE-2023-7251

CVE-2023-7251 affects the WordPress plugin User Submitted Posts (versions

CVSS 6.5 · AI score 5.2 · EPSS 0.00339
Exploits 0 · References 1

Vulnrichment
added 2024/03/26 8:40 a.m. · 8 views

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901...

CVSS 6.5 · AI score 7 · EPSS 0.00339
Exploits 0 · References 1

CNNVD
added 2024/03/26 12:0 a.m. · 2 views

WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.5 · AI score 6.2 · EPSS 0.00339
Exploits 0 · References 2

OSV
added 2023/12/20 7:15 p.m. · 4 views

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

CVSS 9.8 · AI score 7.3 · EPSS 0.00903
Exploits 0 · References 1

NVD
added 2023/12/20 7:15 p.m. · 21 views

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

CVSS 9.8 · EPSS 0.00903
Exploits 0 · References 1

Prion
added 2023/12/20 7:15 p.m. · 20 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

CVSS 7.5 · AI score 7.1 · EPSS 0.00903
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/20 6:38 p.m. · 28 views

CVE-2023-45603 WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

CVSS 9 · AI score 9.7 · EPSS 0.00903
Exploits 0 · References 1

CVE
added 2023/12/20 6:38 p.m. · 89 views

CVE-2023-45603

CVE-2023-45603 concerns the WordPress plugin User Submitted Posts (Jeff Starr) with an Unrestricted Upload of File with Dangerous Type, enabling unauthenticated users to upload arbitrary files via the usp_attach_images path. Public sources (NVD/Wordfence, Patchstack) identify this as a high-sever...

CVSS 9.8 · AI score 8.6 · EPSS 0.00903
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/12/20 12:0 a.m. · 5 views

WordPress Plugin User Submitted Posts Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 9.8 · AI score 6.8 · EPSS 0.00903
Exploits 0 · References 3

Patchstack
added 2023/10/10 12:0 a.m. · 13 views

WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Software: User Submitted Posts · Type: Plugin · Vulnerable versions: <= 20230902 · Fixed in: 20230914 · OWASP Top 10: A3: Injection · Classification: Arbitrary File Upload · CVE: CVE-2023-45603 · Patch priority: High · CVSS severity: High (9) · PSID: b7d676bf7c95 · Credits: Rafie Muhammad Patchstack...

CVSS 9.8 · AI score 6.8 · EPSS 0.00903
Exploits 0 · References 3 · Affected Software 1

NVD
added 2023/09/06 7:15 a.m. · 17 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

CVSS 6.4 · AI score 5.7 · EPSS 0.00325
Exploits 0 · References 2

OSV
added 2023/09/06 7:15 a.m. · 4 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

CVSS 5.4 · AI score 6 · EPSS 0.00325
Exploits 0 · References 2