Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-11570

UNKNOWN NVD
CVSS Score 0
Severity UNKNOWN
Published Jul 01, 2026
Vendor unknown

Description

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.

References