cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4779,https://securityvulnerability.io/vulnerability/CVE-2023-4779,Stored Cross-Site Scripting Vulnerability in User Submitted Posts Plugin for WordPress,"The User Submitted Posts plugin for WordPress is susceptible to Stored Cross-Site Scripting attacks through the [usp_gallery] shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, such as 'before'. Authenticated attackers with contributor-level permissions or higher can exploit this flaw to embed arbitrary scripts that execute whenever a user accesses the compromised pages, potentially leading to unauthorized actions and data exposure.",Wordpress,User Submitted Posts – Enable Users to Submit Posts from the Front End,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-09-06T07:15:00.000Z,0
CVE-2023-4308,https://securityvulnerability.io/vulnerability/CVE-2023-4308,Stored Cross-Site Scripting in User Submitted Posts for WordPress,"The User Submitted Posts plugin in WordPress has a vulnerability that allows for Stored Cross-Site Scripting attacks via the ‘user-submitted-content’ parameter. This flaw arises from inadequate input sanitization and output escaping mechanisms implemented in versions up to and including 20230809. As a result, attackers without authentication can inject malicious web scripts that execute when users visit affected pages, potentially compromising the integrity of user environments.",Wordpress,User Submitted Posts – Enable Users to Submit Posts from the Front End,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-08-15T08:15:00.000Z,0
CVE-2019-25138,https://securityvulnerability.io/vulnerability/CVE-2019-25138,Arbitrary File Upload Vulnerability in User Submitted Posts Plugin for WordPress,"The User Submitted Posts plugin for WordPress contains a vulnerability that allows unauthenticated attackers to upload arbitrary files due to insufficient file type validation in its usp_check_images function. This flaw can lead to the potential for remote code execution on the server. Users of affected versions, up to and including 20190312, are encouraged to update their plugins to mitigate the risks associated with this vulnerability.",Wordpress,User Submitted Posts – Enable Users To Submit Posts From The Front End,9.8,CRITICAL,0.01971999928355217,false,,false,false,false,,false,false,2023-06-07T01:51:22.056Z,0