{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2874", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-27T14:51:27.637Z", "datePublished": "2025-04-03T07:21:22.448Z", "dateUpdated": "2026-04-08T17:05:47.163Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:47.163Z"}, "affected": [{"vendor": "specialk", "product": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "20241026", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3263067%40user-submitted-posts&new=3263067%40user-submitted-posts&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Quang Bach"}], "timeline": [{"time": "2025-04-02T18:47:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-03T19:10:23.864544Z", "id": "CVE-2025-2874", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T19:10:35.580Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2874", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-03T19:10:23.864544Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T19:10:30.598Z"}}], "cna": {"title": "User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Quang Bach"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "specialk", "product": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "20241026"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-02T18:47:46.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3263067%40user-submitted-posts&new=3263067%40user-submitted-posts&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-03T07:21:22.448Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2874", "state": "PUBLISHED", "dateUpdated": "2025-04-03T19:10:35.580Z", "dateReserved": "2025-03-27T14:51:27.637Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-03T07:21:22.448Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}, {"lang": "es", "value": "El complemento User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 20240319 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite a atacantes autenticados, con permisos de administrador o superiores, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio y a instalaciones donde se ha deshabilitado unfiltered_html."}], "id": "CVE-2025-2874", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-03T08:15:16.470", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3263067%40user-submitted-posts&new=3263067%40user-submitted-posts&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:30:11.950111+00:00", "value": {"mitigation_remediation": ["Update the User Submitted Posts plugin to version 20241026 or later. This version removes the input sanitization bug and properly escapes output.", "Restrict access to the plugin\u2019s admin settings to a minimal set of trusted administrators, and remove or reassign user roles that are not essential for managing the plugin.", "Disable the plugin on multi\u2011site installations until the vulnerability can be addressed, or consider disabling multi\u2011site if it is not required for your environment."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "WordPress sites running any version of the User Submitted Posts plugin up to and including 20240319. The issue only manifests on multi\u2011site installations and on installations where the unfiltered_html capability is turned off. Administrators or users with equivalent permissions who modify the plugin\u2019s settings are the primary entry point.", "description_and_impact": "The vulnerability is a stored XSS flaw in the User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End plugin for WordPress. A flaw in the admin settings causes the plugin to store unsanitized input and subsequently output it without proper escaping. An attacker who has administrator\u2011level permissions and access to the plugin\u2019s configuration can inject arbitrary JavaScript that will execute when any user visits a page containing the injected content. This could be used for phishing, session hijacking, or delivering malware to site visitors. The weakness is a classic example of input validation and output encoding failure (CWE\u201179).", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity. The EPSS score of less than 1% suggests a very low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Because it requires an authenticated administrator account, the attack vector is an internal threat or an attacker who has gained privileged access. The exploit would involve logging into the site, navigating to the plugin\u2019s admin settings, and injecting malicious code that will persist in stored posts and run on every page visit by any user who views those posts."}}}}, "created": "2025-07-12T15:26:07.329367+00:00", "updated": "2026-04-21T21:30:45.750377+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}