Open Redirection Vulnerability in Frontend Post Submission Manager Lite for WordPress
CVE-2026-1296

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
Vendor: CVE Published:; 18 February 2026

What is CVE-2026-1296?

The Frontend Post Submission Manager Lite plugin for WordPress contains a vulnerability that permits open redirection due to inadequate validation of the 'requested_page' parameter in its verify_username_password function. This flaw allows unauthenticated attackers to manipulate users into visiting malicious sites by exploiting social engineering tactics, such as sending deceptive links. Consequently, it poses risks to user security and could lead to further malicious exploitation if not remedied promptly.

Affected Version(s)

Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin 1.0.0 <= 1.2.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/frontend-post-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

Kenneth Dunn

CVE-2026-1296 Data

JSON