CVE-2026-11570
User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.
| Vendor | unknown |
| Product | user submitted posts |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown user submitted posts
Be the first to know when new unknown vulnerabilities affecting unknown user submitted posts are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / User Submitted Posts
0 < 20260608
References
Credits
dangnosuy WPScan