[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXCtGnPs2GkXVaHR79tUF-qM3Toccs18rNm725oiViao":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":186,"crawl_stats":38,"alternatives":194,"analysis":290,"fingerprints":730},"user-submitted-posts","User Submitted Posts – Enable Users to Submit Posts from the Front End","20260217","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>\u003Cstrong>πŸ† The #1 Plugin for user-generated content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>User Submitted Posts (USP) provides a front-end form that enables visitors to submit posts and upload images. Just add the following shortcode to any Post, Page, or Widget:\u003C\u002Fp>\n\u003Cp>[user-submitted-posts]\u003C\u002Fp>\n\u003Cp>That’s all there is to it! Your site now can accept user generated content. Everything is super easy to customize via Plugin Settings page.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>πŸš€ Enable visitors to submit posts from the front end of your site\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Form Fields\u003C\u002Fh3>\n\u003Cp>The submission form may include any\u002Fall of the following fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Name\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>URL\u003C\u002Fli>\n\u003Cli>Post Title\u003C\u002Fli>\n\u003Cli>Post Tags\u003C\u002Fli>\n\u003Cli>Post Category\u003C\u002Fli>\n\u003Cli>Post Content\u003C\u002Fli>\n\u003Cli>Custom Field 1\u003C\u002Fli>\n\u003Cli>Custom Field 2\u003C\u002Fli>\n\u003Cli>Custom Checkbox\u003C\u002Fli>\n\u003Cli>Challenge Question\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA (v2 or v3 Invisible)\u003C\u002Fli>\n\u003Cli>Cloudflare Turnstile (Invisible)\u003C\u002Fli>\n\u003Cli>Post Images\u003C\u002Fli>\n\u003Cli>Agree to Terms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ The first and best plugin for user-submitted content\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Core Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple to set up and display the form anywhere on your site\u003C\u002Fli>\n\u003Cli>Display the form on multiple posts and pages, or even site-wide\u003C\u002Fli>\n\u003Cli>Redirect users to any URL or stay on current page after submitting posts\u003C\u002Fli>\n\u003Cli>Set post status as draft, pending, publish, or publish after x number of posts\u003C\u002Fli>\n\u003Cli>Option to receive email notifications for submitted posts\u003C\u002Fli>\n\u003Cli>Customize email notifications with various post data\u003C\u002Fli>\n\u003Cli>Include email links to edit and delete posts\u003C\u002Fli>\n\u003Cli>Display a basic login\u002Fregister\u002Fpassword form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ Enable your visitors to share their own posts and images\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Form Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Display form anywhere via shortcode or template tag\u003C\u002Fli>\n\u003Cli>Display only the fields that you want on the form\u003C\u002Fli>\n\u003Cli>Set each displayed form field to be required or optional\u003C\u002Fli>\n\u003Cli>Automatic client-side form validation provided by \u003Ca href=\"https:\u002F\u002Fparsleyjs.org\u002F\" rel=\"nofollow ugc\">Parsley\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Stops spam via input validation, your choice of captcha, and hidden field\u003C\u002Fli>\n\u003Cli>Choose Google reCAPTCHA, Cloudflare Turnstile, or Challenge Question\u003C\u002Fli>\n\u003Cli>Choose Google reCAPTCHA v2 (β€œI am not a bot”) or v3 (Invisible)\u003C\u002Fli>\n\u003Cli>Optionally require users to be logged in to use the form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ Dial in the perfect form for your visitors\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ More Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight, fast, and secure\u003C\u002Fli>\n\u003Cli>Translated into 20+ languages\u003C\u002Fli>\n\u003Cli>Option to submit posts as WP Posts or Pages\u003C\u002Fli>\n\u003Cli>Provides option to enable a custom form and styles\u003C\u002Fli>\n\u003Cli>Customize success, error, and file upload messages\u003C\u002Fli>\n\u003Cli>Includes shortcode to display a list of submitted posts\u003C\u002Fli>\n\u003Cli>Includes shortcodes to control access and restrict content\u003C\u002Fli>\n\u003Cli>Includes template tags to display submitted post content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ Simple to use, lightweight, and flexible\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Image Uploads\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enable visitors to upload any number of images\u003C\u002Fli>\n\u003Cli>Specify minimum and maximum number of allowed images\u003C\u002Fli>\n\u003Cli>Specify minimum and maximum width and height for images\u003C\u002Fli>\n\u003Cli>Automatically set submitted images as Featured Images\u003C\u002Fli>\n\u003Cli>Automatically display submitted images on the front end\u003C\u002Fli>\n\u003Cli>Includes template tags to display submitted images\u003C\u002Fli>\n\u003Cli>Includes shortcodes to display submitted images\u003C\u002Fli>\n\u003Cli>Form displays thumbnail previews of images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ The easiest way to enable user content\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Pro Version\u003C\u002Fh3>\n\u003Cp>Pro version includes many powerful features, with unlimited custom forms, unlimited form fields, multimedia file uploads, and much more. Pro features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited forms\u003C\u002Fli>\n\u003Cli>Unlimited form fields\u003C\u002Fli>\n\u003Cli>Unlimited file uploads\u003C\u002Fli>\n\u003Cli>All field types, including textarea, checkboxes, radio, select, file(s), plus input types like text, password, url, search, email, month, time, color, date, range, number, and more\u003C\u002Fli>\n\u003Cli>Build post-submission forms, user-registration forms, and contact forms\u003C\u002Fli>\n\u003Cli>Build COMBO forms (e.g., forms that submit posts AND register users)\u003C\u002Fli>\n\u003Cli>Supports unlimited Custom Post Types\u003C\u002Fli>\n\u003Cli>Supports custom Taxonomy fields\u003C\u002Fli>\n\u003Cli>Supports Custom Post Status\u003C\u002Fli>\n\u003Cli>Supports Post Formats\u003C\u002Fli>\n\u003Cli>Custom error messages\u003C\u002Fli>\n\u003Cli>Custom redirects\u003C\u002Fli>\n\u003Cli>Advanced security features\u003C\u002Fli>\n\u003Cli>Advanced shortcode to display submitted posts on the front end\u003C\u002Fli>\n\u003Cli>Plus everything the free version can do and more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>πŸš€ Visit Plugin Planet to \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">learn more and get USP Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>✨ Translations\u003C\u002Fh3>\n\u003Cp>User Submitted Posts supports translation into any language. Current translations include the following languages:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Arabic - usp-ar\nBengali - usp-bn_BD\nChinese (Simplified) - usp-zh_CN\nChinese (Traditional) - usp-zh_TW\nCzech - usp-cs_CZ\nDutch - usp-nl_NL\nFrench (France) - usp-fr_FR\nGerman - usp-de_DE\nGreek - usp-el\nHebrew - usp-he_IL\nHindi - usp-hi_IN\nIrish - usp-ga\nItalian - usp-it_IT\nJapanese - usp-ja\nKorean - usp-ko_KR\nNorwegian - usp-no\nPanjabi - usp-pa_IN\nPersian - usp-fa_IR\nPolish - usp-pl_PL\nPortuguese (Brazil) - usp-pt_BR\nPortuguese (Portugal) - usp-pt_PT\nRomanian - usp-ro_RO\nRussian - usp-ru_RU\nSerbian - usp-sr_RS\nSlovenian - usp-sl_SI\nSpanish (Spain) - usp-es_ES\nSwedish - usp-sv_SE\nTurkish - usp-tr_TR\nUrdu - usp-ur\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Most of the default translations are made via Google Translate. So they are automated and may be a little rough. Feel free to make your own translation as desired. Need a translation into your language? \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsupport\u002F#contact\" rel=\"nofollow ugc\">Let me know!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>✨ Privacy\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Data:\u003C\u002Fstrong> This plugin enables users to submit post content. It collects data \u003Cem>only\u003C\u002Fem> from users who voluntarily submit content via the USP form. The only involuntary data that is collected is the IP address of the person submitting the form. The plugin provides an option to disable IP collection completely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cookies:\u003C\u002Fstrong> This plugin uses simple cookies to enable dynamic form functionality. No cookies are used for any other purpose.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> This plugin provides an option to enable Google reCaptcha, which is provided by Google as a third-party service. For details on privacy and more, please refer to official documentation for \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">Google reCaptcha\u003C\u002Fa>. This plugin also provides an option to enable Cloudflare Turnstile, which is provided by Cloudflare as a third-party service. For details on privacy and more, please refer to official documentation for \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fapplication-services\u002Fproducts\u002Fturnstile\u002F\" rel=\"nofollow ugc\">Cloudflare Turnstile\u003C\u002Fa>. No other outside services or locations are accessed\u002Fused by this plugin.\u003C\u002Fp>\n\u003Ch3>✨ Developer\u003C\u002Fh3>\n\u003Cp>User Submitted Posts is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>✨ Support Development\u003C\u002Fh3>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thanks! πŸ™‚\u003C\u002Fp>\n","Enable visitors to submit posts and images from the front-end of your site. Many features including anti-spam security, content restriction, and more.",10000,1151897,96,907,"2026-02-17T22:02:00.000Z","6.9.4","4.7","5.6.20",[20,21,22,23,24],"frontend-post","guest-post","public-post","submit-post","visitor-post","https:\u002F\u002Fperishablepress.com\u002Fuser-submitted-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-submitted-posts.20260217.zip",76,12,0,"2026-02-17 20:36:12","2026-03-15T15:16:48.613Z",[33,48,63,76,89,102,113,129,141,152,164,175],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2026-2126","user-submitted-posts-incorrect-authorization-to-unauthenticated-category-restriction-bypass-via-user-submitted-category-","User Submitted Posts \u003C= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter","The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.",null,"\u003C=20260113","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Incorrect Authorization","2026-02-18 09:25:54",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F02c5e3ad-5cc3-40b1-a15a-10d53383abe6?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":47},"CVE-2026-0800","user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-unauthenticated-stored-cross-site-scripting-via-cus","User Submitted Posts – Enable Users to Submit Posts from the Front End \u003C= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field","The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=20251210","20260110","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-23 19:55:08","2026-01-24 08:26:34",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1ec907bc-bd10-4dc5-be35-4f2aaf5ef444?source=api-prod",{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":70,"cvss_vector":71,"vuln_type":58,"published_date":72,"updated_date":73,"references":74,"days_to_patch":47},"CVE-2026-0913","user-submitted-posts-authenticated-contributor-stored-cross-site-scripting-via-uspaccess-shortcode","User Submitted Posts \u003C= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode","The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=20260110","20260113",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2026-01-15 00:00:00","2026-01-16 08:23:38",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F85bf7a1b-3c54-40c9-8f19-fcb9dd478a0e?source=api-prod",{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":38,"affected_versions":81,"patched_in_version":82,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":83,"published_date":84,"updated_date":85,"references":86,"days_to_patch":88},"CVE-2025-68509","user-submitted-posts-unauthenticated-open-redirect","User Submitted Posts \u003C= 20251121 - Unauthenticated Open Redirect","The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 20251121. This is due to insufficient validation on the redirect url supplied parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","\u003C=20251121","20251210","URL Redirection to Untrusted Site ('Open Redirect')","2026-01-01 00:00:00","2026-01-05 21:37:32",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd6c78f4b-97e5-4581-a776-4edb04871de8?source=api-prod",5,{"id":90,"url_slug":91,"title":92,"description":93,"plugin_slug":4,"theme_slug":38,"affected_versions":94,"patched_in_version":95,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":58,"published_date":98,"updated_date":99,"references":100,"days_to_patch":47},"CVE-2025-2874","user-submitted-posts-authenticated-admin-stored-cross-site-scripting","User Submitted Posts \u003C= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting","The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=20241026","20250327",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-04-02 18:47:46","2025-04-03 07:21:23",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=api-prod",{"id":103,"url_slug":104,"title":105,"description":93,"plugin_slug":4,"theme_slug":38,"affected_versions":106,"patched_in_version":107,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":58,"published_date":108,"updated_date":109,"references":110,"days_to_patch":112},"CVE-2024-5002","user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-authenticated-admin-stored-cross-site-scripting","User Submitted Posts – Enable Users to Submit Posts from the Front End \u003C= 20240319 - Authenticated (Admin+) Stored Cross-Site Scripting","\u003C=20240319","20240516","2024-06-22 00:00:00","2024-08-09 18:32:00",[111],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F005032e2-b5aa-44d8-855f-2aceee9e740f?source=api-prod",49,{"id":114,"url_slug":115,"title":116,"description":117,"plugin_slug":4,"theme_slug":38,"affected_versions":118,"patched_in_version":119,"severity":120,"cvss_score":121,"cvss_vector":122,"vuln_type":123,"published_date":124,"updated_date":125,"references":126,"days_to_patch":128},"CVE-2023-45603","user-submitted-posts-unauthenticated-arbitrary-file-upload-2","User Submitted Posts \u003C= 20230902 - Unauthenticated Arbitrary File Upload","The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_attach_images function in versions up to, and including, 20230902. This makes it possible for unauthenticatedattackers to upload arbitrary files as long as the extension does not contain 'php' on the affected site's server which may make remote code execution possible.","\u003C=20230902","20230914","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2023-10-10 00:00:00","2024-01-22 19:56:02",[127],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbabbe506-3abd-462a-b5b8-5979696eb6e6?source=api-prod",105,{"id":130,"url_slug":131,"title":132,"description":133,"plugin_slug":4,"theme_slug":38,"affected_versions":134,"patched_in_version":135,"severity":40,"cvss_score":70,"cvss_vector":71,"vuln_type":58,"published_date":136,"updated_date":137,"references":138,"days_to_patch":140},"CVE-2023-7251","user-submitted-posts-authenticated-contributor-stored-cross-site-scripting-via-shortcode","User Submitted Posts \u003C= 20230901 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 20230901 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=20230901","20230902","2023-09-06 00:00:00","2024-04-24 14:59:41",[139],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb7fca965-86f8-4ee4-a9d6-cb18fe5f098e?source=api-prod",232,{"id":142,"url_slug":143,"title":144,"description":145,"plugin_slug":4,"theme_slug":38,"affected_versions":146,"patched_in_version":147,"severity":40,"cvss_score":70,"cvss_vector":71,"vuln_type":58,"published_date":148,"updated_date":125,"references":149,"days_to_patch":151},"CVE-2023-4779","user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-authenticated-contributor-stored-cross-site-scripti","User Submitted Posts – Enable Users to Submit Posts from the Front End \u003C= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=20230811","20230901","2023-09-05 00:00:00",[150],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=api-prod",140,{"id":153,"url_slug":154,"title":155,"description":156,"plugin_slug":4,"theme_slug":38,"affected_versions":157,"patched_in_version":158,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":159,"updated_date":160,"references":161,"days_to_patch":163},"CVE-2023-4308","user-submitted-posts-unauthenticated-stored-cross-site-scripting-via-user-submitted-content","User Submitted Posts \u003C= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'","The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=20230809","20230811","2023-08-14 00:00:00","2025-02-11 21:59:49",[162],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=api-prod",548,{"id":165,"url_slug":166,"title":167,"description":168,"plugin_slug":4,"theme_slug":38,"affected_versions":169,"patched_in_version":170,"severity":120,"cvss_score":121,"cvss_vector":122,"vuln_type":123,"published_date":171,"updated_date":125,"references":172,"days_to_patch":174},"CVE-2019-25138","user-submitted-posts-unauthenticated-arbitrary-file-upload","User Submitted Posts \u003C= 20190312 - Unauthenticated Arbitrary File Upload","The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","\u003C20190426","20190426","2019-05-02 00:00:00",[173],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=api-prod",1727,{"id":176,"url_slug":177,"title":178,"description":179,"plugin_slug":4,"theme_slug":38,"affected_versions":180,"patched_in_version":181,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":182,"updated_date":125,"references":183,"days_to_patch":185},"CVE-2016-11001","user-submitted-posts-reflected-cross-site-scripting","User Submitted Posts \u003C 20160215 - Reflected Cross-Site Scripting","The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.","\u003C20160215","20160215","2016-02-10 00:00:00",[184],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fda848ced-acc4-48bc-8fbe-e90cdd53b3e8?source=api-prod",2904,{"slug":187,"display_name":7,"profile_url":8,"plugin_count":188,"total_installs":189,"avg_security_score":190,"avg_patch_time_days":191,"trust_score":192,"computed_at":193},"specialk",30,1241610,98,345,78,"2026-04-03T17:56:16.329Z",[195,216,235,254,275],{"slug":196,"name":197,"version":198,"author":199,"author_profile":200,"description":201,"short_description":202,"active_installs":203,"downloaded":204,"rating":205,"num_ratings":88,"last_updated":206,"tested_up_to":16,"requires_at_least":207,"requires_php":208,"tags":209,"homepage":212,"download_link":213,"security_score":27,"vuln_count":214,"unpatched_count":47,"last_vuln_date":215,"fetched_at":31},"easy-post-submission","Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress","2.2.0","ThemeRuby","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeruby\u002F","\u003Cp>Enable users to submit posts and manage profiles from the front-end. Ideal for news, magazines, and creative platforms.\u003C\u002Fp>\n\u003Ch3>The best frontend posting plugin for WordPress\u003C\u002Fh3>\n\u003Cp>A powerful plugin designed to user-generated content on your website. Perfect for news sites, magazines, blogs, and creative platforms, this plugin enables your users to effortlessly submit posts, manage profiles, and share their ideas without ever accessing the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>View all features \u003Ca href=\"https:\u002F\u002Feasyps.net\u002F\" rel=\"nofollow ugc\">Visit the Official Site\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Frontend Post Submission:\u003C\u002Fstrong> Allow users to create, edit, and manage posts directly from the frontend, eliminating the need for backend access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Submission Forms:\u003C\u002Fstrong> Create and customize multiple submission forms to cater to different content needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & High Performance:\u003C\u002Fstrong> Enjoy a quick setup and a design optimized for speed, ensuring your website remains fast and responsive.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guest & Registered User Support:\u003C\u002Fstrong> handle submissions from both guests (no login required) and registered users with customizable access levels.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rich Media Uploads:\u003C\u002Fstrong> Empower users to upload images, videos, and other media to enhance their posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Publishing Options:\u003C\u002Fstrong> Choose between auto-publishing posts or setting them for admin approval before going live.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Dashboard:\u003C\u002Fstrong> Provide a personalized dashboard for users to view and manage their submitted posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automated Email Notifications:\u003C\u002Fstrong> Keep everyone informed with automated email alerts for submissions, approvals, or rejections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Robust Spam Protection:\u003C\u002Fstrong> Secure your forms with Google reCAPTCHA to prevent spam and bot submissions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffoxiz.themeruby.com\u002Fjournal\u002Fsubmit-a-post\u002F\" rel=\"nofollow ugc\">Submit a Post\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffoxiz.themeruby.com\u002Fjournal\u002Fyour-submission-management\u002F\" rel=\"nofollow ugc\">Post Management\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffoxiz.themeruby.com\u002Fjournal\u002Fedit-post\u002F?post-id=252\u002F\" rel=\"nofollow ugc\">Edit Post\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Access the plugin documentation for usage instructions: \u003Ca href=\"https:\u002F\u002Feasyps.net\u002Fdocs\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an API to obtain reCAPTCHA information. It is needed to verify humans when submitting and to avoid spam.\u003Cbr \u002F>\nThe plugin will connect to reCAPTCHA each time the visitor performs a verification action.\u003Cbr \u002F>\nFor more details, refer to the reCAPTCHA Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","Enable users to submit posts and manage profiles from the front-end. Ideal for news, magazines, and creative platforms.",2000,13520,100,"2025-12-26T03:56:00.000Z","6.3","7.4",[210,20,21,22,211],"anonymous-post","user-post","https:\u002F\u002Feasyps.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-post-submission.2.2.0.zip",2,"2026-03-04 00:00:00",{"slug":217,"name":218,"version":219,"author":220,"author_profile":221,"description":222,"short_description":223,"active_installs":205,"downloaded":224,"rating":205,"num_ratings":225,"last_updated":226,"tested_up_to":16,"requires_at_least":227,"requires_php":228,"tags":229,"homepage":230,"download_link":231,"security_score":232,"vuln_count":233,"unpatched_count":214,"last_vuln_date":234,"fetched_at":31},"front-editor","Guest posting \u002F Frontend Posting \u002F Front Editor – WP Front User Submit","5.0.6","aharonyan","https:\u002F\u002Fprofiles.wordpress.org\u002Faharonyan\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fdemo.wpfronteditor.com\u002F\" rel=\"nofollow ugc\">🌐 Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002Fdocs\" rel=\"nofollow ugc\">πŸ“– Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ft.me\u002F+loTEjPRS6lw3NTli\" rel=\"nofollow ugc\">πŸ’¬ Community\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002F\" rel=\"nofollow ugc\">πŸš€ Upgrade to PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>WP Front User Submit is a versatile WordPress plugin designed to enable post submissions from the frontend with or without user login. Packed with configurable options, it offers a comprehensive solution for guest posting.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✨ Core Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Includes a fast & secure post-submission form\u003C\u002Fli>\n\u003Cli>Includes a simple login\u002Fregister\u002Fpassword form\u003C\u002Fli>\n\u003Cli>Display forms anywhere via shortcode or template tag\u003C\u002Fli>\n\u003Cli>Flexibility for Admins\u003C\u002Fli>\n\u003Cli>Drag and Drop Form Builder\u003C\u002Fli>\n\u003Cli>Guest Post Support\u003C\u002Fli>\n\u003Cli>Admin and User Notification Configurations\u003C\u002Fli>\n\u003Cli>Redirection Options After Submission\u003C\u002Fli>\n\u003Cli>Configure Submitted Post Status\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Form Components\u003C\u002Fli>\n\u003Cli>Multiple Text Editors (EditorJS, MD Editor, TinyMCE Editor, Simple Text Area)\u003C\u002Fli>\n\u003Cli>Use anywhere easily with shortcodes\u003C\u002Fli>\n\u003Cli>Simple Login and Registration Forms [fus_form_login] & [fus_form_register]\u003C\u002Fli>\n\u003Cli>Redirect user to any URL or current page after submission\u003C\u002Fli>\n\u003Cli>Use the default form styles or add your own custom CSS\u003C\u002Fli>\n\u003Cli>Form fields may be set as optional or required\u003C\u002Fli>\n\u003Cli>Includes shortcode to display a list of submitted posts [fe_fs_user_admin]\u003C\u002Fli>\n\u003Cli>Post Images\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA Integration\u003C\u002Fli>\n\u003Cli>Responsive and Browser Compatible\u003C\u002Fli>\n\u003Cli>Developer Documentation Available\u003C\u002Fli>\n\u003Cli>WooCommerce integration: Enable payment collection for each post submission.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong> Detailed Features \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Flexibility for Admins\u003C\u002Fstrong>\u003Cbr \u002F>\nManage users from the frontend and configure backend access for specific users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Files & attachments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Allow users to upload attachments, including post featured images, directly from the frontend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Drag-n-Drop Form Builder\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Build and customize forms with ease using the drag-and-drop form builder with real-time preview.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use unique shortcodes to embed forms anywhere on your site without breaking your theme’s style.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guest Post Submission\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enable guests to submit posts from the frontend without registering.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Content Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Users can upload files, fill out forms, and update their posts directly from the frontend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Next-Generation Block Styled Editor (EditorJS)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enhance post content with block-styled editing capabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizable Post Status and Messages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set default post statuses, customize submission messages, and modify submit button text.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Display Custom Fields Data in Post\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Custom fields data are viewable to visitors on frontend on single post pages. Admins can disable this feature also.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Admin Panel\u003C\u002Fstrong>\u003Cbr \u002F>\nManage posts with ease, including editing and deleting capabilities, using the [fe_fs_user_admin] shortcode.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integrations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Compatible with the User Role Editor plugin for advanced permission configurations.\u003C\u002Fli>\n\u003Cli>Compatible with ACF plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>✨ Premium Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom taxonomy support\u003C\u002Fli>\n\u003Cli>Custom post types\u003C\u002Fli>\n\u003Cli>Custom field support\u003C\u002Fli>\n\u003Cli>FilePond integration for file uploads\u003C\u002Fli>\n\u003Cli>Custom field with various field types\u003Cbr \u002F>\n – Textfield\u003Cbr \u002F>\n – Textarea\u003Cbr \u002F>\n – Number\u003Cbr \u002F>\n – Email\u003Cbr \u002F>\n – URL\u003Cbr \u002F>\n – Tel\u003C\u002Fli>\n\u003Cli>Enhanced EditorJS features (Gallery, Image uploading, Table, Carousel, etc.)\u003C\u002Fli>\n\u003Cli>Thumbnail using WP Media Uploader\u003C\u002Fli>\n\u003Cli>Multiple categories selection\u003C\u002Fli>\n\u003Cli>Files and images advanced uploader field using Filepond JavaScript library\u003C\u002Fli>\n\u003Cli>Google Map Field\u003C\u002Fli>\n\u003Cli>Date Field\u003C\u002Fli>\n\u003Cli>Hidden field\u003C\u002Fli>\n\u003Cli>Radio Group field\u003C\u002Fli>\n\u003Cli>Number field\u003C\u002Fli>\n\u003Cli>Button field\u003C\u002Fli>\n\u003Cli>Header field\u003C\u002Fli>\n\u003Cli>Checkbox Group field\u003C\u002Fli>\n\u003Cli>Paragraph field\u003C\u002Fli>\n\u003Cli>Action hook field\u003C\u002Fli>\n\u003Cli>hCaptcha field\u003C\u002Fli>\n\u003Cli>WooCommerce integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Boost your site value with user-generated content!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try It Out\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fdemo.wpfronteditor.com\u002Fwp-login.php\" rel=\"nofollow ugc\">Online Demo\u003C\u002Fa> of the FREE & PRO version.\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fdemo.wpfronteditor.com\u002Fwp-login.php\" rel=\"nofollow ugc\">Login Here\u003C\u002Fa>\u003Cbr \u002F>\n* Username: Demo\u003Cbr \u002F>\n* Password: Demo\u003C\u002Fp>\n\u003Ch3>Please help us to improve the plugin\u003C\u002Fh3>\n\u003Cp>For revision and issues \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002Fdocs\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Front Editor Pro* now available \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Community\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwpfronteditor.com\u002Fdocs\u002F\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Check documentation \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002Fdocs\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information please visit \u003Ca href=\"https:\u002F\u002Fwpfronteditor.com\u002F\" rel=\"nofollow ugc\">our site\u003C\u002Fa> .\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003Cli>Russian – ru_RU\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin enables users to submit post content from Front End. Use our plugin to implement guest posting",25611,22,"2026-02-16T12:05:00.000Z","4.0","7.0",[20,21,22,211],"https:\u002F\u002Fwpfronteditor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffront-editor.5.0.6.zip",52,9,"2026-01-06 20:25:47",{"slug":236,"name":237,"version":238,"author":239,"author_profile":240,"description":241,"short_description":242,"active_installs":243,"downloaded":244,"rating":29,"num_ratings":29,"last_updated":245,"tested_up_to":246,"requires_at_least":247,"requires_php":248,"tags":249,"homepage":251,"download_link":252,"security_score":253,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"submit-content","Submit Content","1.1","bharatthapa","https:\u002F\u002Fprofiles.wordpress.org\u002Fbharatthapa\u002F","\u003Cp>\u003Cstrong>The most comprehensive Plugin for User-Generated Content!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Enable users to submit posts from the frontend of your website.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Submit Content is a free and open source WordPress plugin maintained by bharat thapa that allows users to submit posts and custom posts from frontend of the WordPress website.\u003C\u002Fp>\n\u003Cp>Submit Content is a free and open source WordPress plugin, and will be fully supported and maintained as long as is necessary.\u003C\u002Fp>\n\u003Cp>At a glance, this plugin allows the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrators can choose whether only logged in users can submit content or site visitors as well.\u003C\u002Fli>\n\u003Cli>Notify admin via email whenever a post or custom post is submitted by the user.\u003C\u002Fli>\n\u003Cli>Protect form from spams and bots by implementing Google’s reCAPTCHA V3 service.\u003C\u002Fli>\n\u003Cli>You can choose what form fields to show in the frontend from plugin settings page.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use the shortcode tag in post, page or widget to allow users to submit content.\u003C\u002Fp>\n\u003Cp>[submitcontent id=”1β€³]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Core Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Includes a fast & secure post-submission form\u003C\u002Fli>\n\u003Cli>Display forms anywhere via shortcode or template tag\u003C\u002Fli>\n\u003Cli>You choose which fields to display on the form\u003C\u002Fli>\n\u003Cli>Receive email notification alerts for submitted posts\u003C\u002Fli>\n\u003Cli>AJAX for better user experience\u003C\u002Fli>\n\u003Cli>Rich Text Editor experience in the frontend form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Form Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Google reCAPTCHA: v3 (hidden recaptcha)\u003C\u002Fli>\n\u003Cli>Stops spam via input validation, captcha, and hidden field\u003C\u002Fli>\n\u003Cli>Option to require users to be logged in to use the form\u003C\u002Fli>\n\u003Cli>AJAX for better user experience\u003C\u002Fli>\n\u003Cli>Rich Text Editor experience in the frontend form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Submit Content is simple to use and built with clean, secure code via the WordPress APIs!\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Data:\u003C\u002Fstrong> Submit Content enables users to submit post content. It collects data only from users who voluntarily submit content via the Submit Content form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cookies:\u003C\u002Fstrong> No cookies are used for any purpose in this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> This plugin provides an option to enable Google reCaptcha, which is provided by Google as a third-party service. For details on privacy and more, please refer to official documentation for \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa>. No other outside services or locations are accessed\u002Fused by this plugin.\u003C\u002Fp>\n","Allows you to submit posts, and custom pots, from frontend.",10,1276,"2023-06-23T17:10:00.000Z","6.2.9","4.9","5.2.4",[20,22,250,23,211],"submit-custom-post","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubmit-content.1.1.zip",85,{"slug":255,"name":256,"version":257,"author":258,"author_profile":259,"description":260,"short_description":261,"active_installs":203,"downloaded":262,"rating":263,"num_ratings":264,"last_updated":265,"tested_up_to":16,"requires_at_least":266,"requires_php":228,"tags":267,"homepage":270,"download_link":271,"security_score":272,"vuln_count":273,"unpatched_count":29,"last_vuln_date":274,"fetched_at":31},"frontend-post-submission-manager-lite","Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin","1.2.8","WP Shuffle","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpshuffle\u002F","\u003Cp>\u003Cstrong>Frontend Post Submission Manager Lite\u003C\u002Fstrong> is a free, powerful and user-friendly Frontend Posting WordPress plugin designed to simplify the process of submitting posts directly from the frontend of your website. Whether your users are logged in or not, this plugin empowers them to create and submit posts effortlessly, enhancing user engagement and content generation on your site.\u003C\u002Fp>\n\u003Cp>You can configure available forms with \u003Cstrong>drag and drop form builder, add unlimited custom fields\u003C\u002Fstrong> with various field type supports.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoOd3kbQjrKg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Frontend Post Submission Manager Lite Features\u003C\u002Fh4>\n\u003Cp>πŸ“‹ \u003Cstrong>Guest Post Form and Login Required Form with Drag and Drop Form Builder\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate custom submission forms effortlessly using a user-friendly drag-and-drop builder.\u003C\u002Fp>\n\u003Cp>πŸ› οΈ \u003Cstrong>Unlimited Custom Fields with Various Types\u003C\u002Fstrong>\u003Cbr \u002F>\nCollect diverse data with unlimited custom fields and various field types.\u003C\u002Fp>\n\u003Cp>πŸ‘οΈβ€πŸ—¨οΈ \u003Cstrong>Frontend and Backend Display\u003C\u002Fstrong>\u003Cbr \u002F>\nView custom field data both on the frontend and backend for easy access.\u003C\u002Fp>\n\u003Cp>πŸ–ŒοΈ \u003Cstrong>5 Beautiful Pre-Designed Templates\u003C\u002Fstrong>\u003Cbr \u002F>\nChoose from five visually appealing templates to enhance form aesthetics.\u003C\u002Fp>\n\u003Cp>🌐 \u003Cstrong>Guest Post Support\u003C\u002Fstrong>\u003Cbr \u002F>\nEncourage guest contributors to submit content and expand engagement.\u003C\u002Fp>\n\u003Cp>πŸ”’ \u003Cstrong>Secure Form Submission with Google Captcha\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your site from spam with secure Google Captcha integration.\u003C\u002Fp>\n\u003Cp>πŸ“§ \u003Cstrong>Admin and User Notification Configurations\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize notifications for admin and users to stay informed.\u003C\u002Fp>\n\u003Cp>πŸ‘οΈβ€πŸ—¨οΈ \u003Cstrong>Frontend Form Preview\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable users to preview form entries before submission.\u003C\u002Fp>\n\u003Cp>πŸ”€ \u003Cstrong>Redirection after Successful Submission\u003C\u002Fstrong>\u003Cbr \u002F>\nRedirect users to specific pages post-submission for a seamless experience.\u003C\u002Fp>\n\u003Cp>πŸ“ˆ \u003Cstrong>Configure Submitted Post Status\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize post status, author, and format to align with your strategy.\u003C\u002Fp>\n\u003Cp>πŸ”’ \u003Cstrong>Character Limit Configuration\u003C\u002Fstrong>\u003Cbr \u002F>\nSet character limits for content submissions.\u003C\u002Fp>\n\u003Cp>βœ… \u003Cstrong>Enable\u002FDisable Form Components\u003C\u002Fstrong>\u003Cbr \u002F>\nTailor the form by enabling or disabling specific components.\u003C\u002Fp>\n\u003Cp>πŸ”„ \u003Cstrong>Ajax Form Submission\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure real-time submissions with smooth Ajax form functionality.\u003C\u002Fp>\n\u003Cp>πŸ’Ό \u003Cstrong>Developer Documentation Available\u003C\u002Fstrong>\u003Cbr \u002F>\nAccess developer documentation for customizing the plugin.\u003C\u002Fp>\n\u003Cp>πŸ“± \u003Cstrong>All Device-Friendly and Browser Compatibility\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized for all devices and browsers for universal accessibility.\u003C\u002Fp>\n\u003Cp>🌐 \u003Cstrong>Translation Ready\u003C\u002Fstrong>\u003Cbr \u002F>\nExpand your reach with translation-ready features for global audiences.\u003C\u002Fp>\n\u003Ch4>Check Frontend Post Submission Manager Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create Unlimited Forms with different Restrictions\u003C\u002Fli>\n\u003Cli>20+ Pre Designed Beautiful Form Templates\u003C\u002Fli>\n\u003Cli>Custom field with various field types\n\u003Cul>\n\u003Cli>Textfield\u003C\u002Fli>\n\u003Cli>Textarea\u003C\u002Fli>\n\u003Cli>Select Dropdown\u003C\u002Fli>\n\u003Cli>Checkbox\u003C\u002Fli>\n\u003Cli>Radio Button\u003C\u002Fli>\n\u003Cli>Number\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Datepicker\u003C\u002Fli>\n\u003Cli>File Uploader\u003C\u002Fli>\n\u003Cli>URL\u003C\u002Fli>\n\u003Cli>Tel\u003C\u002Fli>\n\u003Cli>Youtube Embed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Post Types Support\u003C\u002Fli>\n\u003Cli>Custom Taxonomies Support\u003C\u002Fli>\n\u003Cli>Frontend Post Management Dashboard\u003C\u002Fli>\n\u003Cli>Direct Image upload to Post Content Editor with or without logging in\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check all Frontend Post Submission Manager premium features \u003Ca href=\"https:\u002F\u002Fwpshuffle.com\u002Fwordpress-documentations\u002Ffrontend-post-submission-manager\u002F?utm_source=dotorg&utm_campaign=check\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F2CGtfQG7RfU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Upgrade to PRO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>To upgrade to pro, please go \u003Ca href=\"https:\u002F\u002Fwpshuffle.com\u002Fwordpress-documentations\u002Ffrontend-post-submission-manager\u002F?utm_source=dotorg&utm_campaign=check\" rel=\"nofollow ugc\">here\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>To check demo, please go \u003Ca href=\"http:\u002F\u002Fdemo.wpshuffle.com\u002Ffrontend-post-submission-manager\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Frontend Post Submission with or without Login, 5 PreDesigned Form Templates, Add Unlimited Custom Fields, Google Captcha Security, Post Notifications",74187,90,21,"2026-02-11T06:17:00.000Z","5.5",[210,20,268,269,211],"frontend-posting","guest-posting","http:\u002F\u002Fwpshuffle.com\u002Fwordpress-plugins\u002Ffrontend-post-submission-manager-lite","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-post-submission-manager-lite.1.2.8.zip",95,4,"2026-02-17 16:14:54",{"slug":276,"name":277,"version":278,"author":279,"author_profile":280,"description":281,"short_description":282,"active_installs":243,"downloaded":283,"rating":29,"num_ratings":29,"last_updated":284,"tested_up_to":246,"requires_at_least":227,"requires_php":251,"tags":285,"homepage":251,"download_link":289,"security_score":253,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ugc-creator","UGC Creator","1.0","ugcplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fugcplugin\u002F","\u003Cp>\u003Cstrong>UGC Creator is a powerful and easy-to-use WordPress plugin that empowers your users to submit posts from the frontend of your website.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>UGC Creator offers a front-end form allowing visitors to submit posts and upload images with ease. Simply insert the following shortcode into any Post or Page:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[ugc_plugin]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Our plugin is built with the highly versatile and user-friendly \u003Ca href=\"https:\u002F\u002Feditorjs.io\u002F\" rel=\"nofollow ugc\">Editor.js\u003C\u002Fa>, providing your users with an array of formatting and styling options to create stunning, professional-grade posts. UGC Creator supports a range of content types, including text, images, and videos, making it the perfect tool for any website that relies on user-generated content.\u003C\u002Fp>\n","Plugin for User-Generated Content: Get frontend post with an array of formatting and styling options to create stunning, professional-grade posts.",808,"2023-04-03T03:22:00.000Z",[20,286,23,287,288],"share-post","ugc","ugc-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fugc-creator.zip",{"attackSurface":291,"codeSignals":446,"taintFlows":647,"riskAssessment":717,"analyzedAt":729},{"hooks":292,"ajaxHandlers":406,"restRoutes":415,"shortcodes":416,"cronEvents":445,"entryPointCount":243,"unprotectedCount":29},[293,299,302,305,308,311,314,320,324,328,331,335,338,342,346,348,352,356,359,362,365,369,372,376,380,384,388,392,396,399,403],{"type":294,"name":295,"callback":296,"file":297,"line":298},"filter","the_content","usp_auto_display_images","library\\core-functions.php",63,{"type":294,"name":295,"callback":300,"file":297,"line":301},"usp_auto_display_email",165,{"type":294,"name":295,"callback":303,"file":297,"line":304},"usp_auto_display_name",201,{"type":294,"name":295,"callback":306,"file":297,"line":307},"usp_auto_display_url",242,{"type":294,"name":295,"callback":309,"file":297,"line":310},"usp_auto_display_custom_2",293,{"type":294,"name":295,"callback":312,"file":297,"line":313},"usp_auto_display_custom",344,{"type":315,"name":316,"callback":317,"file":318,"line":319},"action","wp_enqueue_scripts","usp_enqueueResources","library\\enqueue-scripts.php",114,{"type":315,"name":321,"callback":322,"file":318,"line":323},"admin_enqueue_scripts","usp_load_admin_styles",211,{"type":315,"name":325,"callback":326,"file":327,"line":28},"admin_menu","usp_add_options_page","library\\plugin-settings.php",{"type":315,"name":329,"callback":330,"file":327,"line":264},"admin_init","usp_init",{"type":294,"name":332,"callback":333,"priority":243,"file":327,"line":334},"plugin_action_links","usp_plugin_action_links",51,{"type":294,"name":336,"callback":337,"priority":243,"file":327,"line":27},"plugin_row_meta","add_usp_links",{"type":294,"name":339,"callback":340,"priority":243,"file":327,"line":341},"admin_footer_text","usp_admin_footer_text",99,{"type":294,"name":343,"callback":344,"file":327,"line":345},"safe_style_css","usp_filter_safe_styles",138,{"type":315,"name":329,"callback":347,"file":327,"line":301},"usp_compare_version",{"type":315,"name":349,"callback":350,"priority":243,"file":327,"line":351},"updated_option","usp_update_category_option",999,{"type":315,"name":353,"callback":354,"file":327,"line":355},"admin_notices","usp_admin_notice",1277,{"type":315,"name":329,"callback":357,"file":327,"line":358},"usp_dismiss_notice_version",1300,{"type":315,"name":329,"callback":360,"file":327,"line":361},"usp_dismiss_notice_save",1329,{"type":294,"name":295,"callback":363,"file":364,"line":301},"usp_shortcode_empty_p_fix","library\\shortcode-access.php",{"type":315,"name":366,"callback":367,"file":368,"line":128},"init","usp_i18n_init","user-submitted-posts.php",{"type":315,"name":329,"callback":370,"file":368,"line":371},"usp_require_wp_version",137,{"type":294,"name":373,"callback":374,"priority":243,"file":368,"line":375},"widget_text","do_shortcode",156,{"type":315,"name":377,"callback":378,"priority":47,"file":368,"line":379},"parse_request","usp_checkForPublicSubmission",513,{"type":315,"name":381,"callback":382,"file":368,"line":383},"add_meta_boxes","usp_add_meta_box",678,{"type":315,"name":385,"callback":386,"file":368,"line":387},"restrict_manage_posts","usp_outputUserSubmissionLink",767,{"type":315,"name":389,"callback":390,"file":368,"line":391},"parse_query","usp_addSubmittedStatusClause",800,{"type":294,"name":393,"callback":394,"file":368,"line":395},"the_author","usp_replaceAuthor",822,{"type":315,"name":366,"callback":397,"file":368,"line":398},"usp_remote_delete_post",1735,{"type":315,"name":400,"callback":401,"file":368,"line":402},"wp_logout","usp_clear_cookies",1948,{"type":315,"name":329,"callback":404,"file":368,"line":405},"usp_add_new_options",1967,[407,413],{"action":408,"nopriv":409,"callback":410,"hasNonce":411,"hasCapCheck":409,"file":318,"line":412},"challenge_nonce",false,"usp_ajax_challenge_nonce",true,224,{"action":408,"nopriv":411,"callback":410,"hasNonce":411,"hasCapCheck":409,"file":318,"line":414},225,[],[417,420,423,426,431,436,439,442],{"tag":418,"callback":418,"file":364,"line":419},"usp_access",48,{"tag":421,"callback":421,"file":364,"line":422},"usp_visitor",92,{"tag":424,"callback":424,"file":364,"line":425},"usp_member",136,{"tag":427,"callback":428,"file":429,"line":430},"usp-login-form","usp_login_form_shortcode","library\\shortcode-login.php",209,{"tag":432,"callback":433,"file":434,"line":435},"usp-reset-button","usp_reset_button_shortcode","library\\shortcode-misc.php",40,{"tag":437,"callback":437,"file":434,"line":438},"usp_display_posts",144,{"tag":440,"callback":440,"file":434,"line":441},"usp_gallery",180,{"tag":4,"callback":443,"file":368,"line":444},"usp_display_form",731,[],{"dangerousFunctions":447,"sqlUsage":448,"outputEscaping":451,"fileOperations":645,"externalRequests":214,"nonceChecks":273,"capabilityChecks":273,"bundledLibraries":646},[],{"prepared":449,"raw":29,"locations":450},3,[],{"escaped":452,"rawEcho":453,"locations":454},306,112,[455,459,460,462,464,465,467,468,470,472,473,475,476,477,478,480,482,484,486,487,489,491,493,495,497,499,501,503,504,506,508,510,511,513,514,516,517,519,521,523,525,527,529,531,533,536,537,539,541,542,544,545,546,548,550,552,554,556,558,561,563,565,567,568,570,571,573,575,577,579,581,582,583,584,585,587,589,590,591,593,595,597,598,600,601,603,606,608,609,611,613,615,616,618,620,621,623,625,627,629,630,631,632,633,634,635,636,637,638,640,642,644],{"file":456,"line":457,"context":458},"library\\plugin-display.php",17,"raw output",{"file":456,"line":188,"context":458},{"file":456,"line":461,"context":458},47,{"file":456,"line":463,"context":458},89,{"file":456,"line":263,"context":458},{"file":456,"line":466,"context":458},91,{"file":456,"line":422,"context":458},{"file":456,"line":469,"context":458},93,{"file":456,"line":471,"context":458},94,{"file":456,"line":272,"context":458},{"file":456,"line":474,"context":458},97,{"file":456,"line":190,"context":458},{"file":456,"line":341,"context":458},{"file":456,"line":205,"context":458},{"file":456,"line":479,"context":458},101,{"file":456,"line":481,"context":458},102,{"file":456,"line":483,"context":458},124,{"file":456,"line":485,"context":458},158,{"file":456,"line":301,"context":458},{"file":456,"line":488,"context":458},234,{"file":456,"line":490,"context":458},336,{"file":456,"line":492,"context":458},511,{"file":456,"line":494,"context":458},612,{"file":456,"line":496,"context":458},626,{"file":456,"line":498,"context":458},639,{"file":456,"line":500,"context":458},652,{"file":456,"line":502,"context":458},665,{"file":456,"line":383,"context":458},{"file":327,"line":505,"context":458},1266,{"file":429,"line":507,"context":458},44,{"file":429,"line":509,"context":458},46,{"file":429,"line":112,"context":458},{"file":429,"line":512,"context":458},59,{"file":429,"line":453,"context":458},{"file":429,"line":515,"context":458},128,{"file":429,"line":371,"context":458},{"file":429,"line":518,"context":458},148,{"file":429,"line":520,"context":458},157,{"file":429,"line":522,"context":458},164,{"file":429,"line":524,"context":458},177,{"file":429,"line":526,"context":458},178,{"file":429,"line":528,"context":458},182,{"file":429,"line":530,"context":458},183,{"file":429,"line":532,"context":458},184,{"file":534,"line":535,"context":458},"library\\support-panel.php",125,{"file":534,"line":515,"context":458},{"file":534,"line":538,"context":458},133,{"file":534,"line":540,"context":458},134,{"file":534,"line":540,"context":458},{"file":543,"line":341,"context":458},"library\\template-tags.php",{"file":543,"line":483,"context":458},{"file":543,"line":515,"context":458},{"file":368,"line":547,"context":458},699,{"file":368,"line":549,"context":458},700,{"file":368,"line":551,"context":458},701,{"file":368,"line":553,"context":458},702,{"file":368,"line":555,"context":458},737,{"file":368,"line":557,"context":458},762,{"file":559,"line":560,"context":458},"views\\submission-form-alt.php",20,{"file":559,"line":562,"context":458},28,{"file":559,"line":564,"context":458},37,{"file":559,"line":566,"context":458},41,{"file":559,"line":461,"context":458},{"file":559,"line":569,"context":458},53,{"file":559,"line":512,"context":458},{"file":559,"line":572,"context":458},65,{"file":559,"line":574,"context":458},72,{"file":559,"line":576,"context":458},74,{"file":559,"line":578,"context":458},81,{"file":559,"line":580,"context":458},88,{"file":559,"line":471,"context":458},{"file":559,"line":341,"context":458},{"file":559,"line":205,"context":458},{"file":559,"line":205,"context":458},{"file":559,"line":586,"context":458},104,{"file":559,"line":588,"context":458},110,{"file":559,"line":588,"context":458},{"file":559,"line":453,"context":458},{"file":559,"line":592,"context":458},143,{"file":559,"line":594,"context":458},171,{"file":559,"line":596,"context":458},173,{"file":559,"line":524,"context":458},{"file":559,"line":599,"context":458},181,{"file":559,"line":528,"context":458},{"file":559,"line":602,"context":458},192,{"file":604,"line":605,"context":458},"views\\submission-form.php",7,{"file":604,"line":607,"context":458},18,{"file":604,"line":225,"context":458},{"file":604,"line":610,"context":458},25,{"file":604,"line":612,"context":458},32,{"file":604,"line":614,"context":458},38,{"file":604,"line":507,"context":458},{"file":604,"line":617,"context":458},50,{"file":604,"line":619,"context":458},57,{"file":604,"line":512,"context":458},{"file":604,"line":622,"context":458},66,{"file":604,"line":624,"context":458},73,{"file":604,"line":626,"context":458},79,{"file":604,"line":628,"context":458},84,{"file":604,"line":253,"context":458},{"file":604,"line":253,"context":458},{"file":604,"line":463,"context":458},{"file":604,"line":272,"context":458},{"file":604,"line":272,"context":458},{"file":604,"line":474,"context":458},{"file":604,"line":515,"context":458},{"file":604,"line":375,"context":458},{"file":604,"line":485,"context":458},{"file":604,"line":639,"context":458},162,{"file":604,"line":641,"context":458},166,{"file":604,"line":643,"context":458},167,{"file":604,"line":524,"context":458},6,[],[648,665,679,690],{"entryPoint":649,"graph":650,"unsanitizedCount":47,"severity":40},"usp_verify_recaptcha (user-submitted-posts.php:547)",{"nodes":651,"edges":663},[652,657],{"id":653,"type":654,"label":655,"file":368,"line":656},"n0","source","$_POST",558,{"id":658,"type":659,"label":660,"file":368,"line":661,"wp_function":662},"n1","sink","file_get_contents() [SSRF\u002FLFI]",560,"file_get_contents",[664],{"from":653,"to":658,"sanitized":409},{"entryPoint":666,"graph":667,"unsanitizedCount":29,"severity":678},"usp_checkForPublicSubmission (user-submitted-posts.php:407)",{"nodes":668,"edges":676},[669,672],{"id":653,"type":654,"label":670,"file":368,"line":671},"$_SERVER",497,{"id":658,"type":659,"label":673,"file":368,"line":674,"wp_function":675},"wp_redirect() [Open Redirect]",506,"wp_redirect",[677],{"from":653,"to":658,"sanitized":411},"low",{"entryPoint":680,"graph":681,"unsanitizedCount":29,"severity":678},"usp_remote_delete_post (user-submitted-posts.php:1704)",{"nodes":682,"edges":688},[683,686],{"id":653,"type":654,"label":684,"file":368,"line":685},"$_GET",1710,{"id":658,"type":659,"label":673,"file":368,"line":687,"wp_function":675},1724,[689],{"from":653,"to":658,"sanitized":411},{"entryPoint":691,"graph":692,"unsanitizedCount":29,"severity":678},"\u003Cuser-submitted-posts> (user-submitted-posts.php:0)",{"nodes":693,"edges":712},[694,695,696,698,700,704,708,710],{"id":653,"type":654,"label":670,"file":368,"line":671},{"id":658,"type":659,"label":673,"file":368,"line":674,"wp_function":675},{"id":697,"type":654,"label":655,"file":368,"line":656},"n2",{"id":699,"type":659,"label":660,"file":368,"line":661,"wp_function":662},"n3",{"id":701,"type":654,"label":702,"file":368,"line":703},"n4","$_POST (x2)",437,{"id":705,"type":659,"label":706,"file":368,"line":549,"wp_function":707},"n5","echo() [XSS]","echo",{"id":709,"type":654,"label":684,"file":368,"line":685},"n6",{"id":711,"type":659,"label":673,"file":368,"line":687,"wp_function":675},"n7",[713,714,715,716],{"from":653,"to":658,"sanitized":411},{"from":697,"to":699,"sanitized":411},{"from":701,"to":705,"sanitized":411},{"from":709,"to":711,"sanitized":411},{"summary":718,"deductions":719},"The \"user-submitted-posts\" plugin, with version v20260217, presents a mixed security posture. On the positive side, the static analysis reveals good practices in several key areas. All identified AJAX handlers and REST API routes appear to have authentication checks, and SQL queries are exclusively using prepared statements, which significantly mitigates SQL injection risks. The presence of nonce and capability checks further strengthens its defenses against common web attacks.\n\nHowever, concerns arise from the plugin's vulnerability history, which shows a substantial number of known CVEs (12 total), including 2 critical and 3 high-severity issues. The common vulnerability types like Incorrect Authorization, Open Redirect, Cross-site Scripting, and Unrestricted File Upload indicate recurring weaknesses in input validation and access control. While there are currently no unpatched CVEs, the sheer volume and severity of past vulnerabilities suggest a historical pattern of security oversights. Furthermore, the taint analysis identified one flow with an unsanitized path, though it was not classified as critical or high severity, it still represents a potential, albeit low-level, risk that should be addressed.\n\nIn conclusion, while the current version has implemented some robust security measures, the plugin's past security record is a significant red flag. The potential for critical and high-severity vulnerabilities to re-emerge, coupled with the single unsanitized path identified in the taint analysis, means that users should exercise caution. Continuous monitoring for new vulnerabilities and thorough code audits are recommended for this plugin.",[720,723,725,727],{"reason":721,"points":722},"High number of historical CVEs (2 critical, 3 high)",15,{"reason":724,"points":605},"Taint flow with unsanitized path",{"reason":726,"points":88},"73% output escaping (27% unescaped)",{"reason":728,"points":449},"12 total known CVEs","2026-03-16T17:36:10.150Z",{"wat":731,"direct":740},{"assetPaths":732,"generatorPatterns":735,"scriptPaths":736,"versionParams":737},[733,734],"\u002Fwp-content\u002Fplugins\u002Fuser-submitted-posts\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fuser-submitted-posts\u002Fjs\u002Fusp-scripts.js",[],[734],[738,739],"user-submitted-posts\u002Fcss\u002Fstyle.css?ver=","user-submitted-posts\u002Fjs\u002Fusp-scripts.js?ver=",{"cssClasses":741,"htmlComments":743,"htmlAttributes":750,"restEndpoints":753,"jsGlobals":754,"shortcodeOutput":756},[742],"usp_form",[744,745,746,747,748,749],"\u003C!-- USP Plugin START -->","\u003C!-- USP Plugin END -->","\u003C!-- USP Form START -->","\u003C!-- USP Form END -->","\u003C!-- USP Post START -->","\u003C!-- USP Post END -->",[751,752],"data-usp-action","data-usp-id",[],[755],"usp_vars",[757,758,759,760,761],"[user-submitted-posts]","[usp_form]","[usp_login]","[usp_logout]","[usp_myposts]"]