VYPR

User Submitted Posts

by Plugin Planet

Source repositories

CVEs (5)

  • CVE-2019-25138CriJun 7, 2023
    risk 0.64cvss 9.8epss 0.02

    The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files…

  • CVE-2023-45603CriDec 20, 2023
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.

  • CVE-2023-4779MedSep 6, 2023
    risk 0.42cvss 6.4epss 0.00

    The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'.…

  • CVE-2025-68509MedDec 24, 2025
    risk 0.31cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through <= 20251121.

  • CVE-2025-2874MedApr 3, 2025
    risk 0.29cvss 4.4epss 0.00

    The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes…