CVE-2026-11570
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jul 01, 2026
Vendor
unknown
Description
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.