CVE-2026-11570
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured dis
CVSS
4.2
Medio
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Publicado: 1 jul 2026 · Última mod.: 1 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-012026-07-16
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.
Sin CVEs relacionados por CWE o producto.