CVE-2026-2126
User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.
| CWE | CWE-863 |
| Vendor | specialk |
| Product | user submitted posts – enable users to submit posts from the front end |
| Published | Feb 18, 2026 |
| Last Updated | Apr 8, 2026 |
Get instant alerts for specialk user submitted posts – enable users to submit posts from the front end
Be the first to know when new medium vulnerabilities affecting specialk user submitted posts – enable users to submit posts from the front end are published — delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N