PT-2026-20274 · WordPress · Frontend Post Submission Manager Lite

Kenneth Dunn

Published

2026-02-18

Updated

2026-03-17

CVE-2026-1296

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin for WordPress versions through 1.2.7

Description The software contains a flaw that allows redirection to potentially malicious sites. This occurs because of inadequate validation of the requested page POST parameter within the verify username password function. An unauthenticated attacker can exploit this by tricking users into performing an action, such as clicking a link, which triggers the redirection.

Recommendations Update the Frontend Post Submission Manager Lite plugin to a version later than 1.2.7.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2026-1296

Affected Products

Frontend Post Submission Manager Lite

PT-2026-20274 · WordPress · Frontend Post Submission Manager Lite

CVE-2026-1296

Weakness Enumeration

Related Identifiers

Affected Products

References · 10