CVE-2024-5002
- EPSS 0.07%
- Published 13.07.2024 06:15:03
- Last modified 13.05.2025 16:44:34
The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability...
CVE-2023-45603
- EPSS 2.16%
- Published 20.12.2023 19:15:10
- Last modified 21.11.2024 08:27:02
Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a thr...
CVE-2023-4779
- EPSS 0.15%
- Published 06.09.2023 07:15:09
- Last modified 21.11.2024 08:35:58
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied...
CVE-2023-4308
- EPSS 0.29%
- Published 15.08.2023 08:15:09
- Last modified 11.02.2025 22:15:26
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it...
CVE-2019-25138
- EPSS 3.58%
- Published 07.06.2023 02:15:09
- Last modified 21.11.2024 04:39:57
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attacker...
CVE-2016-11001
- EPSS 0.17%
- Published 20.09.2019 15:15:13
- Last modified 21.11.2024 02:45:16
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.