CVE-2026-1296

Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter

Description

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.

INFO

Published Date :

2026-02-18T04:35:43.878Z

Last Modified :

2026-02-18T20:47:37.114Z

Source :

Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2026-1296 vulnerability.

Vendors	Products
Wordpress	Wordpress
Wpshuffle	Frontend Post Submission Manager Lite – Frontend Posting Wordpress Plugin

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1296.

URL	Resource
https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/tags/1.2.6/includes/classes/class-fpsml-shortcode.php#L108
https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/trunk/includes/classes/class-fpsml-shortcode.php#L108
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458652%40frontend-post-submission-manager-lite&new=3458652%40frontend-post-submission-manager-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/92c52129-7cf5-4a1b-80a1-b01140e6a72b?source=cve

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact