cleantalk
Vulnerabilities and Security Researches

Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite, CVE-2025-14913

CVE, Research URL

CVE-2025-14913

Home page URL

Security reports for Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite

Application

Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite

Published on
Dec 26, 2025
Research Description
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
Affected versions
max 1.2.7.
Status
vulnerable
Previous vulnerability researches
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2026-1296) , Apr 14, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2025-14913) , Jan 11, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2025-14080) , Jan 11, 2026
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2024-8427) , Sep 07, 2024
New vulnerability
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-1036) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-1320) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-2367) , Apr 15, 2026
Post Grid, Post Carousel, & List Category Posts – by Smart Post Show (CVE-2026-3017) , Apr 15, 2026
Japanized For WooCommerce (CVE-2026-1305) , Apr 15, 2026