Vulnerability in User Submitted Posts

CVE-2026-11570

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated us…

Affected products

  • Unknown User Submitted Posts — versions 0

References