Unauthorized Data Deletion Vulnerability in Frontend Post Submission Manager Lite Plugin for WordPress
CVE-2025-14913

5.3MEDIUM

Key Information:

Vendor

WordPress
Status
Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
Vendor
CVE Published:
25 December 2025

What is CVE-2025-14913?

The Frontend Post Submission Manager Lite Plugin for WordPress is exposed to a vulnerability that permits unauthorized users to delete attachments without proper authorization. Due to an inadequate check in the 'media_delete_action' function, all versions up to and including 1.2.6 are susceptible. This flaw can lead to significant data loss, impacting the integrity of media files managed through the plugin. Users are advised to update to the latest version to mitigate the risk.

Affected Version(s)

Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin * <= 1.2.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/frontend-post-...
https://plugins.trac.wordpress.org/changeset/3427082/fron...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Md. Moniruzzaman Prodhan
JSON
.
CVE-2025-14913 : Unauthorized Data Deletion Vulnerability in Frontend Post Submission Manager Lite Plugin for WordPress