CVE-2026-0800

Name of the Vulnerable Software and Affected Versions User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress versions prior to 20251211

Description The software is susceptible to Stored Cross-Site Scripting through custom fields due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. When a user accesses an injected page, the scripts will execute.

Recommendations Update to version 20251211 or later.