WordPress · User Submitted Posts · CVE-2026-0800
**Name of the Vulnerable Software and Affected Versions**
User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress versions prior to 20251211
**Description**
The software is susceptible to Stored Cross-Site Scripting through custom fields due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. When a user accesses an injected page, the scripts will execute.
**Recommendations**
Update to version 20251211 or later.