Vulnerabilities > Plugin Planet > User Submitted Posts > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-4779 | Unspecified vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. | 5.4 |
| 2023-08-15 | CVE-2023-4308 | Unspecified vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. | 5.4 |
| 2019-09-20 | CVE-2016-11001 | Cross-site Scripting vulnerability in Plugin-Planet User Submitted Posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 4.3 |