Vulnerability in User Submitted Posts
CVE-2026-11570
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated us…
Affected products
- Unknown User Submitted Posts — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)