CVE-2025-14080
Missing Authorization in Frontend Post Submission Manager Lite Allows Post Modification
Publication date: 2025-12-21
Last updated on: 2025-12-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | frontend_post_submission_manager_lite | 1.2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CVE-2025-14080 affects the Frontend Post Submission Manager Lite WordPress plugin (up to version 1.2.5). It is a Missing Authorization flaw in the AJAX post update functionality handled by the fpsml_form_process action. Due to insufficient authorization checks, unauthenticated attackers can submit a post_id parameter via the guest posting form and modify arbitrary posts. This allows them to change post titles, content, excerpts, and remove post authors without proper permissions. The vulnerability arises despite nonce verification, captcha validation, and sanitization steps, indicating a flaw in how authorization is enforced for post updates via AJAX requests. [1, 3]
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to modify any post on a WordPress site using the vulnerable plugin. They can change post titles, content, excerpts, and remove or alter post authorship. This can lead to content defacement, misinformation, loss of content integrity, and potential reputational damage. Since attackers do not need to be logged in, the risk of unauthorized content manipulation is significant, potentially affecting site trustworthiness and user experience. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring AJAX requests to the WordPress site targeting the Frontend Post Submission Manager Lite plugin's AJAX handler, specifically requests to the `ajax-process-form.php` endpoint with the `fpsml_form_process` action. Look for POST requests containing a `post_id` parameter in the `form_data` payload from unauthenticated users, which should normally be denied. Commands to detect such attempts could include using curl to simulate or inspect requests, for example: `curl -X POST -d 'action=fpsml_form_process&form_data=post_id=123&other_fields=...' https://yourwordpresssite.com/wp-admin/admin-ajax.php` and checking for unauthorized success responses. Additionally, network monitoring tools like Wireshark or intrusion detection systems can be configured to alert on suspicious POST requests to `admin-ajax.php` with `fpsml_form_process` action and `post_id` parameters from unauthenticated sources. Reviewing web server logs for such patterns can also help detect exploitation attempts. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Frontend Post Submission Manager Lite plugin to version 1.2.6 or later, where fixes and improvements have been applied. If updating is not immediately possible, restrict access to the AJAX handler by implementing additional authorization checks or firewall rules to block unauthenticated POST requests containing a `post_id` parameter to the `fpsml_form_process` action. Also, ensure that WordPress and all plugins are kept up to date, and consider disabling or limiting guest posting functionality until the vulnerability is patched. Monitoring and alerting on suspicious AJAX requests as described can help detect exploitation attempts early. [2]