CVE-2025-14913
Authorization Bypass in Frontend Post Submission Lite Allows Data Deletion
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | frontend_post_submission_manager_lite | all versions up to and including 1.2.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14913 is a vulnerability in the Frontend Post Submission Manager Lite WordPress plugin (all versions up to and including 1.2.6). The check that authorizes deletion of a media attachment does not consider who is making the request (CWE-862): the plugin accepts the request if it carries an MD5 hash of the attachment's date as a key. An attachment date is not a secret. It has one-second resolution, a plausible range for it is easy to bound, and MD5 of a known value can be recomputed by anyone, so the key space is small. Unauthenticated attackers can therefore enumerate candidate dates, compute the matching keys, and delete arbitrary media attachments without proper authorization. [1]
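The following is an added illustration, not the plugin's code or the vendor's fix. It models the weak check the advisory describes (an unkeyed MD5 of the attachment date) against a simulated server, shows how an attacker who knows only a rough upload window walks the one-second date space until the server accepts a key, and then shows an assumed hardened design that refuses unauthenticated callers, checks ownership, and requires a token bound to a server-side secret. The attachment table, the owner names and the window are constructed sample data.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta
from typing import Optional, Tuple

# Constructed sample data, not taken from any real site. WordPress stores an
# attachment's post_date with one-second resolution as "YYYY-MM-DD HH:MM:SS".
ATTACHMENTS = {
    41: {"post_date": "2025-12-20 14:03:27", "owner": "editor"},
}
# Constructed attacker assumption: the file was uploaded some time in this hour.
WINDOW_START = datetime(2025, 12, 20, 14, 0, 0)


def weak_key(post_date: str) -> str:
    """The weak scheme the advisory describes: an unkeyed MD5 of the attachment
    date. Assumed shape for illustration only, not the plugin's own code."""
    return hashlib.md5(post_date.encode()).hexdigest()


def weak_authorize_delete(attachment_id: int, key: str) -> bool:
    """Vulnerable server-side gate: nothing about the requester is checked
    (CWE-862); the only gate is a value anyone can recompute from a date."""
    att = ATTACHMENTS.get(attachment_id)
    return att is not None and key == weak_key(att["post_date"])


def brute_force_delete(attachment_id: int, window_start: datetime,
                       window_seconds: int) -> Tuple[Optional[str], int]:
    """Attacker view: try every second in the window and submit the MD5 of
    each candidate date as the key. Returns (matching_date, requests_sent)
    or (None, requests_sent) if the window did not contain the real date."""
    sent = 0
    for offset in range(window_seconds):
        candidate = (window_start + timedelta(seconds=offset)).strftime("%Y-%m-%d %H:%M:%S")
        sent += 1
        if weak_authorize_delete(attachment_id, weak_key(candidate)):
            return candidate, sent
    return None, sent


# Hardened design (an assumed fix pattern, not the vendor's actual patch):
# first decide whether *this requester* may delete *this attachment*, then
# require a token bound to a server-side secret so it cannot be recomputed
# from anything public such as a date.
SERVER_SECRET = secrets.token_bytes(32)


def issue_delete_token(attachment_id: int, user: str) -> str:
    """Token handed to the legitimate owner's page (stands in for a nonce)."""
    msg = f"{attachment_id}:{user}".encode()
    return hmac.new(SERVER_SECRET, msg, "sha256").hexdigest()


def safe_authorize_delete(attachment_id: int, user: Optional[str], token: str) -> bool:
    att = ATTACHMENTS.get(attachment_id)
    if att is None or user is None:
        return False                      # unauthenticated: refuse outright
    if att["owner"] != user:
        return False                      # ownership/capability check
    expected = issue_delete_token(attachment_id, user)
    return hmac.compare_digest(expected, token)   # constant-time compare


if __name__ == "__main__":
    print("weak scheme, one-hour window:", brute_force_delete(41, WINDOW_START, 3600))
    print("hardened, guessed date key:", safe_authorize_delete(41, "editor", weak_key("2025-12-20 14:03:27")))
    print("hardened, owner with token:", safe_authorize_delete(41, "editor", issue_delete_token(41, "editor")))
```

Against the weak scheme the sample attachment falls after a few hundred requests; a whole day is 86,400 candidates, which is a trivial volume to send to admin-ajax.php. Against the hardened check, neither the recomputed date hash nor a token minted for a different user is accepted, and an unauthenticated caller is rejected before any key is compared.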
How can this vulnerability impact me? :
This vulnerability allows unauthenticated attackers to delete arbitrary media attachments from a WordPress site running the vulnerable plugin. Posts and pages reference those attachments, so deleting them removes images and files the site depends on, breaking content and disrupting site functionality; the result is unauthorized data loss that may not be recoverable without a backup. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation goes through the plugin's media-deletion AJAX handler (referred to on this page as 'media_delete_action', reached through the WordPress admin-ajax.php endpoint with the action parameter 'fpsml_media_delete_action'). Detection therefore centres on requests to /wp-admin/admin-ajax.php that invoke that action. If the action is passed in the query string you can search the web server access log directly, for example on Apache: `grep 'action=fpsml_media_delete_action' /var/log/apache2/access.log` (adjust the path and format for nginx or other servers). Two caveats: a standard access log records the request line but not the POST body, so a request that sends the action only in the body will not match and you will need WAF, reverse-proxy or application-level logging to see it; and confirm the exact action name against the installed plugin's source before writing rules on it. Because the key is derived from the attachment date, an attacker who does not know the date has to guess, so the strongest signal is a burst of requests to this action from one source in a short time rather than any particular response code (the handler may answer 200 or 400 to a failed check as well). Separately, compare the media library against a recent backup or the attachment IDs in the database to spot attachments that disappeared without an administrator deleting them. [1]
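The following is an added detection example, not part of the original advisory. It parses Apache combined-format access log lines, keeps only requests to admin-ajax.php whose action parameter is the name given on this page (an assumption to verify against the installed plugin), and flags any source that issues a burst of such requests inside a short window, which is what guessing date-derived keys looks like. The log lines are constructed and use documentation address ranges; the action is visible only because these requests carry it in the query string.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Assumed action name, taken from this page; verify against the installed
# plugin before building rules on it.
ACTION = "fpsml_media_delete_action"

# Constructed Apache combined-log lines (documentation address ranges, nothing
# real). Parameters sent only in a POST body never reach access.log, so this
# parser sees the action solely because it is in the query string here.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Dec/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 400 1 "-" "python-requests/2.32"
203.0.113.7 - - [26/Dec/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 400 1 "-" "python-requests/2.32"
203.0.113.7 - - [26/Dec/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 400 1 "-" "python-requests/2.32"
203.0.113.7 - - [26/Dec/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 400 1 "-" "python-requests/2.32"
203.0.113.7 - - [26/Dec/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 400 1 "-" "python-requests/2.32"
203.0.113.7 - - [26/Dec/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 200 45 "-" "python-requests/2.32"
198.51.100.4 - - [26/Dec/2025:10:05:12 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.9 - - [26/Dec/2025:10:07:30 +0000] "POST /wp-admin/admin-ajax.php?action=fpsml_media_delete_action HTTP/1.1" 200 45 "https://example.org/submit" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_delete_requests(log_text: str) -> List[dict]:
    """Return admin-ajax.php requests whose action parameter is ACTION."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if parse_qs(url.query).get("action") != [ACTION]:
            continue
        events.append({
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "status": int(m["status"]),
        })
    return events


def max_in_window(times: List[datetime], window_seconds: int) -> int:
    """Largest number of events from one source inside any sliding window."""
    times = sorted(times)
    best, j = 0, 0
    for i in range(len(times)):
        while (times[i] - times[j]).total_seconds() > window_seconds:
            j += 1
        best = max(best, i - j + 1)
    return best


def summarize(log_text: str, burst_threshold: int = 5,
              window_seconds: int = 60) -> Dict[str, dict]:
    """Per-source view. Guessing keys shows up as many requests to the delete
    action in a short window; a single request with a site referer looks like
    normal plugin use. Status codes are recorded but not used for flagging,
    because a failed check can still be answered with 200 or 400."""
    by_ip = defaultdict(list)
    for ev in find_delete_requests(log_text):
        by_ip[ev["ip"]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        burst = max_in_window([e["time"] for e in evs], window_seconds)
        report[ip] = {
            "attempts": len(evs),
            "max_per_window": burst,
            "statuses": sorted({e["status"] for e in evs}),
            "suspicious": burst >= burst_threshold,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Feed a real log in with `summarize(open("/var/log/apache2/access.log").read())`; tune `burst_threshold` and `window_seconds` to the site's normal submission rate. The script is deliberately blind to response codes for the flagging decision, for the reason given above: the burst, not the status, is the signal.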
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps: 1. Update the Frontend Post Submission Manager Lite plugin to a release later than 1.2.6 once one is available; all versions up to and including 1.2.6 are affected, so check the plugin's changelog for the fix. 2. If no fixed release is available, restrict the media-deletion AJAX action with additional access controls: block the action for unauthenticated requests at the web server or WAF, or limit it to trusted IP addresses, bearing in mind that a frontend submission plugin may legitimately serve anonymous visitors, so test the effect on the site's submission workflow. 3. Monitor and audit media deletions and requests to the deletion action so that unauthorized activity is noticed quickly. 4. If the plugin is not essential, deactivate or remove it until a fixed version is installed. 5. Keep a recent backup of wp-content/uploads and the database so that deleted attachments can be restored. Together these steps remove or fence off the weak, date-derived MD5 key check until the plugin enforces a real authorization decision. [1, 2]