Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
WordPress Frontend Post Submission Manager Lite plugin redirects users to malicious sites
CVE-2026-1296
Summary
The Frontend Post Submission Manager Lite plugin for WordPress is affected by a bug that could allow attackers to trick users into visiting fake websites. This happens when an attacker sends a specific request to the plugin, which can redirect users to a different website. To stay safe, update the plugin to the latest version.
Original title
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' P...
Original description
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.
nvd CVSS3.1
6.1
Vulnerability type
CWE-601
Open Redirect
- https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite...
- https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite...
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/92c52129-7cf5-4a1b-80a...
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026