Open Redirect Vulnerability in Frontend Posting Plugin by WordPress
CVE-2025-12569
Currently unrated
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 24 November 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-12569?
The Frontend Posting plugin for WordPress, prior to version 5.0.0, contains an Open Redirect vulnerability due to inadequate validation of user parameters. This flaw allows attackers to manipulate redirect URLs, potentially leading users to malicious domains without their knowledge. Such vulnerabilities can be exploited to steal user credentials or distribute malware, posing a significant security risk to the WordPress community.
Affected Version(s)
Guest posting / Frontend Posting / Front Editor 0 < 5.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.