CVE-2023-45603

CVE-2023-45603 concerns the WordPress plugin User Submitted Posts (Jeff Starr) with an Unrestricted Upload of File with Dangerous Type, enabling unauthenticated users to upload arbitrary files via the usp_attach_images path. Public sources (NVD/Wordfence, Patchstack) identify this as a high-sever...

CVE-2023-4308

CVE-2023-4308 affects the WordPress plugin User Submitted Posts, with Stored Cross-Site Scripting via the user-submitted-content parameter in versions up to and including 20230809. The exploitation is unauthenticated and can cause arbitrary script execution when a user visits an injected page. Pu...

CVE-2016-11001

CVE-2016-11001 affects the WordPress plugin user-submitted-posts prior to 20160215. The vulnerability is described as XSS via the user-submitted-content field in the plugin. The connected documents reiterate the same description across NVD/Red Hat/other listings, with no explicit exploit details ...

CVE-2024-5002

The CVE-2024-5002 entry concerns the WordPress plugin User Submitted Posts (versions before 20240516). The underlying issue is that the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., administrators), even when unfiltered_h...

CVE-2019-25138

The CVE-2019-25138 entry concerns the WordPress plugin “User Submitted Posts.” Affected component: usp_check_images, vulnerable through missing file type validation in versions up to and including 20190312. Impact: unauthenticated attackers can upload arbitrary files to the server, with potential...

CVE-2023-4779

CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...