What the vulnerability does
01 Description
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.
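The server-side allow-list check that the description says is missing could look like the following. This is an added example, not the plugin's code or its patch. The function name `example_filter_submitted_categories()` and the sample IDs are hypothetical, and the allow-list is assumed to be a flat array of category IDs as read from `usp_options['categories']`.

```php
<?php
/**
 * Hypothetical helper (not part of the plugin): keep only the submitted
 * category IDs that appear in the admin-configured allow-list.
 *
 * @param mixed $submitted Raw value of $_POST['user-submitted-category'].
 * @param array $allowed   Allowed IDs (assumed shape of usp_options['categories']).
 * @return int[]           Validated, de-duplicated IDs; empty if none are allowed.
 */
function example_filter_submitted_categories($submitted, array $allowed): array
{
    // The field may be absent, a single scalar, or an array of values.
    if (!is_array($submitted)) {
        $submitted = ($submitted === null || $submitted === '') ? [] : [$submitted];
    }

    // Normalise the allow-list to positive integers so comparisons are strict.
    $allowed = array_filter(array_map('intval', $allowed), fn($id) => $id > 0);

    $clean = [];
    foreach ($submitted as $value) {
        // Drop nested arrays and anything that is not a plain decimal ID.
        if (!is_scalar($value) || !preg_match('/\A[0-9]+\z/', (string) $value)) {
            continue;
        }
        $id = (int) $value;
        // Accept the ID only if the administrator has allowed it.
        if ($id > 0 && in_array($id, $allowed, true)) {
            $clean[$id] = $id; // keyed by ID to drop duplicates
        }
    }
    return array_values($clean);
}

// Constructed sample data: the admin allows categories 3 and 7 only.
$allowed = [3, 7];
// Constructed request body mixing allowed, disallowed and malformed values.
$post = ['user-submitted-category' => ['7', '12', '1', '7', '3 OR 1', ['3']]];

$validated = example_filter_submitted_categories(
    $post['user-submitted-category'] ?? null,
    $allowed
);

// If $validated is empty, the caller decides whether to reject the
// submission or fall back to a default category; it must not use raw input.
echo json_encode($validated), PHP_EOL;
```

The check runs on the server against the stored setting, so it holds regardless of which categories the frontend form displayed.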
Explanation of Vulnerability in Simple Terms
02 Summary
The User Submitted Posts plugin for WordPress contains an authorization flaw that allows unauthenticated attackers to modify post content over the network. The vulnerability affects all versions up to 20260113. An attacker can alter posts without proper permission checks, potentially defacing site content or injecting malicious material. Site administrators should update to a version newer than the affected range.
What an attacker can do
03 Attacker Capabilities
Modify or alter post content without authentication or authorization.
Potential impact on your site
04 Site Impact
Posts can be altered by unauthorized users, risking content defacement or injection of malicious material.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
February 18, 2026: CVE published
April 8, 2026: Record updated