๐Ÿ” CVE Alert

CVE-2026-11570

UNKNOWN 0.0

User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.

Vendor unknown
Product user submitted posts
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for unknown user submitted posts

Be the first to know when new unknown vulnerabilities affecting unknown user submitted posts are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / User Submitted Posts
0 < 20260608

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/35c33c56-5b12-4be5-9d45-68f47cd854ec/

Credits

dangnosuy WPScan