cleantalk
Vulnerabilities and Security Researches

Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite, CVE-2025-14080

CVE, Research URL

CVE-2025-14080

Home page URL

Security reports for Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite

Application

Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite

Published on
Dec 21, 2025
Research Description
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary posts by providing a post_id parameter via the guest posting form, allowing them to change post titles, content, excerpts, and remove post authors.
Affected versions
max 1.2.6.
Status
vulnerable
Previous vulnerability researches
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2026-1296) , Apr 14, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2025-14913) , Jan 11, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2025-14080) , Jan 11, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2024-8427) , Sep 07, 2024
New vulnerability
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (CVE-2026-1273) , Apr 15, 2026
PDF Invoices & Packing Slips for WooCommerce (CVE-2026-1906) , Apr 15, 2026
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2026-4109) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-2126) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-0913) , Apr 15, 2026