CVE-2026-11570 - CERT CVE
ID CVE-2026-11570
Sažetak The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.
Reference
CVSS
Base: 4.2
Impact: 2.5
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Zadnje važnije ažuriranje 01-07-2026 - 18:17
Objavljeno 01-07-2026 - 07:16