WordPress Plugin Vulnerabilities

User Submitted Posts < 20160215 - Stored Cross-Site Scripting (XSS)

Description

The User Submitted Posts WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
user-submitted-posts
Fixed in 20160215

References

CVE
CVE-2016-11001
URL
https://www.securityfocus.com/archive/1/537616/30/0/threaded

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
b713fd4f-afdf-40f3-a175-efd3b38214e3

Timeline

Publicly Published
2016-02-25 (about 10 years ago)
Added
2016-02-25 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-16
Title
WP Stripe Checkout < 1.2.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2023-06-15
Title
Flo Forms < 1.0.41 - Admin+ Stored XSS
Published
2021-10-15
Title
YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module
Published
2023-01-20
Title
VikRentCar < 1.3.1 - Admin+ Stored XSS
Published
2026-05-05
Title
LatePoint < 5.5.1 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter