cleantalk
Vulnerabilities and Security Researches

Postem Ipsum, CVE-2025-14397

CVE, Research URL

CVE-2025-14397

Home page URL

Security reports for Postem Ipsum

Application

Postem Ipsum

Published on
Dec 13, 2025
Research Description
The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary user accounts with the administrator role.
Affected versions
max 3.0.1.
Status
vulnerable
Previous vulnerability researches
BeerXML Shortcode (CVE-2025-46511) , Apr 26, 2025
New vulnerability
WPForms Google Sheet Connector (CVE-2025-67570) , Jan 11, 2026
Contact Form Email (CVE-2025-10019) , Jan 11, 2026
WING WordPress Migrator (CVE-2025-52835) , Jan 10, 2026
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-66074) , Jan 10, 2026
1180px Shortcodes (CVE-2025-14114) , Jan 10, 2026