CVE-2026-11570

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/07/2026
Last modified:
01/07/2026

Description

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.