cleantalk
Vulnerabilities and Security Researches

PublishPress Future: Schedule Changes to WordPress Posts, CVE-2025-14718

CVE, Research URL

CVE-2025-14718

Home page URL

Security reports for PublishPress Future: Schedule Changes to WordPress Posts

Application

PublishPress Future: Schedule Changes to WordPress Posts

Published on
Jan 09, 2026
Research Description
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to create, update, delete, and publish malicious workflows that may automatically delete any post upon publication or update, including posts created by administrators.
Affected versions
max 4.9.4.
Status
vulnerable
Previous vulnerability researches
Social Photo Gallery (CVE-2019-14467) , Jun 06, 2024
Photo Gallery ( Responsive ) (CVE-2025-27276) , Feb 26, 2025
Image Gallery – Responsive Photo Gallery (CVE-2025-24697) , Feb 05, 2025
Image Gallery – Responsive Photo Gallery (CVE-2024-12403) , Jan 16, 2025
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 (CVE-2023-1427) , Jun 06, 2024
New vulnerability
AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply. (CVE-2023-33999) , Jun 14, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2024-50502) , Jun 14, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2023-33999) , Jun 14, 2026
WP Sessions Time Monitoring Full Automatic (CVE-2022-4974) , Jun 14, 2026
WP Sessions Time Monitoring Full Automatic (CVE-2023-33999) , Jun 14, 2026