N/A
2026-01-15< 20260113
User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode
User Submitted Posts – Enable Users to Submit Posts from the Front End
Minimum safe version
20260217
Update to 20260217 or later to address 17 fixable vulnerabilities
Latest available20260422 ✓
N/A
2026-02-17< 20260217
User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
High 7.2
2026-01-24< 20260110
User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field
Medium 4.7
2026-01-01< 20251210
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
Medium 4.4
2025-04-03< 20250327
WordPress User Submitted Posts Plugin <= 20241026 is vulnerable to Cross Site Scripting (XSS)
Medium 4.8
2024-07-15< 20240516
WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)
Medium 6.5
2024-03-26< 20230902
CVE-2023-7251
Critical 9.0
2023-12-20< 20230914
CVE-2023-45603
N/A
2024-03-26< 20230902
CVE-2023-41696
Medium 5.4
2023-09-06< 20230901
CVE-2023-4779
Medium 5.4
2023-08-15< 20230811
CVE-2023-4308
Critical 9.8
2023-06-07< 20190426
CVE-2019-25138
N/A
2019-05-02< 20190426
User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload
N/A
< 20190501
wpscan.com
N/A
2016-02-25< 20160215
WordPress User Submitted Posts Plugin <= 20151113 - XSS
N/A
2019-06-11< 20190501
WordPress User Submitted Posts plugin <= 20190426 - Arbitrary File Upload vulnerability
Medium 6.1
2019-09-20< 20160215
CVE-2016-11001