WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2025-14047

CVE, Research URL: CVE-2025-14047
Home page URL: Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss
Application: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss
Published on: Jan 02, 2026
Research Description: The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment.
Affected versions: max 4.2.5.
Status: vulnerable

WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2025-14047