Plugin-planet User_submitted_posts

6 CVEs affecting Plugin-planet User_submitted_posts. Latest disclosed: 2024-07-13. Critical: 2, High: 1.

Top CVEs affecting Plugin-planet User_submitted_posts
CVESeverityScorePublishedSummary
CVE-2019-25138Critical9.82023-06-07The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in v…
CVE-2023-45603Critical9.02023-12-20Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue a…
CVE-2023-4308High7.22023-08-15The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and in…
CVE-2023-4779Medium6.42023-09-06The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and incl…
CVE-2016-11001Medium6.12019-09-20The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.
CVE-2024-5002Medium4.82024-07-13The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as ad…