PT-2026-3236 · WordPress · User Submitted Posts – Enable Users To Submit Posts From The Front End
Specialk · Published 2026-01-16 · Updated 2026-01-16 · CVE-2026-0913
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress versions prior to 20260111
Description
The software is susceptible to Stored Cross-Site Scripting through the 'usp_access' shortcode due to inadequate input sanitization and output escaping of user-provided attributes. This allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts into pages. These scripts will then execute whenever a user accesses the compromised page.
Recommendations
Update the User Submitted Posts – Enable Users to Submit Posts from the Front End plugin to version 20260111 or later.
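As a review aid alongside the update, the following added example (not code from this advisory or from the plugin) scans exported post content for the shortcode and lists attribute values containing HTML-significant characters, so that posts saved by Contributor-level accounts can be inspected. The tag spelling `usp_access`, the simplified attribute grammar, the attribute names and the sample posts are assumptions constructed for illustration.

```python
import re

# Assumption: the shortcode appears in post content as [usp_access ...].
SHORTCODE = re.compile(r"\[usp_access\b([^\]]*)\]", re.I)

# Simplified attribute grammar (not WordPress's full parser):
# name="value", name='value' or name=value.
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")

# Characters and patterns that only matter when a value reaches HTML unescaped.
RISKY = re.compile(r"""[<>"']|\bon\w+\s*=|javascript:""", re.I)


def find_suspicious_shortcodes(posts):
    """Return (post_id, attribute, value) for every shortcode attribute
    whose value contains markup-significant content worth reviewing."""
    findings = []
    for post_id, content in posts:
        for tag in SHORTCODE.finditer(content):
            for m in ATTR.finditer(tag.group(1)):
                name = m.group(1)
                # Exactly one of the three value groups matched.
                value = next(g for g in m.groups()[1:] if g is not None)
                if RISKY.search(value):
                    findings.append((post_id, name, value))
    return findings


# Constructed sample rows: (post ID, post_content). Attribute names are
# hypothetical and chosen only to exercise the scanner.
SAMPLE_POSTS = [
    (101, '[usp_access cap="read" deny="Please log in."]Members[/usp_access]'),
    (102, "[usp_access cap='read' deny='<script>/* constructed */</script>']"
          "Members[/usp_access]"),
    (103, "A post that does not use the shortcode."),
    (104, "[usp_access deny='x\" onmouseover=\"y']Members[/usp_access]"),
]

if __name__ == "__main__":
    for post_id, name, value in find_suspicious_shortcodes(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} needs review: {value!r}")
```

A hit is a prompt for manual review of that post and its author, not proof of injection; plain text containing an apostrophe will also be listed.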
Fix
XSS
Affected Products
User Submitted Posts – Enable Users To Submit Posts From The Front End