Plugin-planet User_submitted_posts
6 CVEs affecting Plugin-planet User_submitted_posts. Latest disclosed: 2024-07-13. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-25138 | Critical | 9.8 | 2023-06-07 | The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in v… |
CVE-2023-45603 | Critical | 9.0 | 2023-12-20 | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue a… |
CVE-2023-4308 | High | 7.2 | 2023-08-15 | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and in… |
CVE-2023-4779 | Medium | 6.4 | 2023-09-06 | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and incl… |
CVE-2016-11001 | Medium | 6.1 | 2019-09-20 | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. |
CVE-2024-5002 | Medium | 4.8 | 2024-07-13 | The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as ad… |