CVE-2025-14047
Unauthorized Data Deletion in WP User Frontend via Missing Capability Check
Publication date: 2026-01-02
Last updated on: 2026-01-02
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | wp_user_frontend | up to and including 4.2.4 |
| unknown_vendor | wp_user_frontend | 4.2.2 |
| unknown_vendor | wp_user_frontend | 4.2.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WP User Frontend WordPress plugin (up to version 4.2.4) allows unauthenticated attackers to delete attachments due to a missing capability check in the 'Frontend_Form_Ajax::submit_post' function. Essentially, the plugin did not properly verify whether a user had permission to delete attachments submitted via frontend AJAX requests, enabling unauthorized deletion of attachments. The vulnerability arises from improper access control in AJAX handlers related to post submissions and attachment deletions. [2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized loss of data, specifically attachments associated with posts, because attackers without authentication can delete attachments. This could result in loss of important media files, disruption of website content, and potential damage to the integrity of user-submitted content on the affected WordPress site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, check whether the installed version of the WP User Frontend plugin is at or below 4.2.4, which is vulnerable. Additionally, monitoring AJAX requests to the 'wpuf_submit_post' endpoint for unauthorized attachment deletion attempts can help detect exploitation. Since the vulnerability involves missing capability checks in the 'submit_post' AJAX function, look for suspicious POST requests to this endpoint from unauthenticated users. Specific commands could include using network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to the WordPress AJAX handler (usually `wp-admin/admin-ajax.php`) with the action parameter 'wpuf_submit_post'. For example, using tcpdump: `tcpdump -i any -A -s 0 'tcp port 80 or tcp port 443' | grep 'wpuf_submit_post'` (this only matches plaintext HTTP; on port 443 the request body is TLS-encrypted, so rely on web server logs or inspect traffic after TLS termination), or use grep on web server logs to find POST requests containing 'action=wpuf_submit_post'. However, no exact commands are provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WP User Frontend plugin to version 4.2.5 or later, where the vulnerability is fixed by adding proper authorization checks in the 'submit_post' AJAX handler to prevent unauthorized attachment deletion. The update introduces checks to ensure only authorized users (attachment authors or users with 'delete_others_posts' capability) can delete attachments. If updating immediately is not possible, restricting access to the AJAX endpoints related to post submission and attachment deletion for unauthenticated users via web server rules or firewall policies can reduce risk. Additionally, monitoring and logging AJAX requests for suspicious activity is recommended. [1]
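The following is an added illustrative example, not WP User Frontend's own code: a WordPress AJAX attachment-deletion handler in the CWE-862 shape this advisory describes, beside a hardened version that applies the author-or-'delete_others_posts' rule the fix is described as adding. The action names, function names and nonce action are assumed.

```php
<?php
// Added example (not the plugin's code). Hook names and function names are assumed.

// VULNERABLE PATTERN: reachable by logged-out users via the nopriv hook and
// deletes whatever attachment ID the request names, with no ownership or
// capability check (CWE-862, missing authorization).
add_action( 'wp_ajax_nopriv_example_delete_attachment', 'example_delete_attachment_unchecked' );
add_action( 'wp_ajax_example_delete_attachment', 'example_delete_attachment_unchecked' );
function example_delete_attachment_unchecked() {
    $attachment_id = absint( $_POST['attachment_id'] ?? 0 );
    wp_delete_attachment( $attachment_id, true );
    wp_send_json_success();
}

// HARDENED: registered only on the authenticated hook (no nopriv variant),
// verifies a nonce, confirms the target really is an attachment, then
// requires that the caller is its author or holds 'delete_others_posts'.
add_action( 'wp_ajax_example_delete_attachment_safe', 'example_delete_attachment_checked' );
function example_delete_attachment_checked() {
    // Rejects the request (wp_die) if the nonce is missing or invalid.
    check_ajax_referer( 'example_delete_attachment', 'nonce' );

    $attachment_id = absint( $_POST['attachment_id'] ?? 0 );
    $attachment    = get_post( $attachment_id );
    if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
        wp_send_json_error( 'invalid attachment', 400 ); // wp_send_json_error exits
    }

    // Authorization: attachment author, or a user allowed to delete others' posts.
    $is_author  = (int) $attachment->post_author === get_current_user_id();
    $may_delete = $is_author || current_user_can( 'delete_others_posts' );
    if ( ! $may_delete ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_delete_attachment( $attachment_id, true );
    wp_send_json_success( array( 'deleted' => $attachment_id ) );
}
```

WordPress also exposes the meta-capability check `current_user_can( 'delete_post', $attachment_id )`, which folds the author-versus-others distinction into core's capability mapping and is the idiomatic replacement for the hand-rolled comparison above.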
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.