{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14047", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T16:37:13.476Z", "datePublished": "2026-01-02T01:48:19.898Z", "dateUpdated": "2026-04-08T16:59:43.442Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:43.442Z"}, "affected": [{"vendor": "wedevs", "product": "User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.2.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment."}], "title": "WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e95b16f-a25a-45c7-a875-2d34a1e127ce?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3430352/wp-user-frontend/trunk/includes/Ajax/Frontend_Form_Ajax.php"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L25"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L69"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L35"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L55"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L133"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "timeline": [{"time": "2025-12-18T17:47:15.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-01T13:23:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-05T20:32:35.198196Z", "id": "CVE-2025-14047", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:39:40.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-05T20:32:35.198196Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:32:35.839Z"}}], "cna": {"title": "WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "tareq1988", "product": "User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.2.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-18T17:47:15.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-01T13:23:01.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e95b16f-a25a-45c7-a875-2d34a1e127ce?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3430352/wp-user-frontend/trunk/includes/Ajax/Frontend_Form_Ajax.php"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L25"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L69"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L35"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L55"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L133"}], "descriptions": [{"lang": "en", "value": "The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-02T01:48:19.898Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14047", "state": "PUBLISHED", "dateUpdated": "2026-01-05T20:39:40.539Z", "dateReserved": "2025-12-04T16:37:13.476Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-02T01:48:19.898Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment."}, {"lang": "es", "value": "El plugin de Registro, Perfil de Usuario, Membres\u00eda, Restricci\u00f3n de Contenido, Directorio de Usuarios y Env\u00edo de Publicaciones desde el Frontend \u2013 WP User Frontend para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'Frontend_Form_Ajax::submit_post' en todas las versiones hasta la 4.2.4, inclusive. Esto hace posible que atacantes no autenticados eliminen archivos adjuntos."}], "id": "CVE-2025-14047", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-02T03:15:50.757", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L25"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax.php#L69"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L133"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L35"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.2/includes/Ajax/Frontend_Form_Ajax.php#L55"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3430352/wp-user-frontend/trunk/includes/Ajax/Frontend_Form_Ajax.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e95b16f-a25a-45c7-a875-2d34a1e127ce?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:52:57.084896+00:00", "value": {"mitigation_remediation": ["Upgrade the WP User Frontend plugin to the latest available release that includes the capability check for attachment deletion.", "If an upgrade is not immediately possible, restrict access to the affected AJAX action by configuring WordPress to require authenticated caps or by removing the action entirely from unprivileged users.", "When the plugin is not essential for the site\u2019s functionality, disable or uninstall it to eliminate the attack surface."], "summary": {"action": "Apply Patch", "impact": "Unauthorized attachment deletion"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all releases of the WP User Frontend plugin up to and including version 4.2.4 distributed by WeDevs. WordPress sites that install this plugin and expose the associated AJAX endpoint are susceptible to the issue. Users who rely on the frontend form submission feature for content posting, user registration, or profile management are directly impacted.", "description_and_impact": "The WP User Frontend plugin is affected by a missing capability check in the 'Frontend_Form_Ajax::submit_post' function, allowing attackers to delete attachments without authentication. This flaw means a malicious actor could permanently remove media files attached to posts or user profiles, disrupting content availability and potentially erasing critical evidence or assets. The weakness corresponds to CWE-862, reflecting an authorization failure within the application.", "risk_and_exploitability": "The calculated CVSS severity of 5.3 reflects moderate impact; the EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web-based request to the unsecured AJAX action that triggers the deletion logic. Successful exploitation would require sending the appropriate POST payload to the endpoint, which could be automated, but no special local privilege or network segmentation is needed."}}}}, "created": "2026-01-05T10:14:16.416932+00:00", "updated": "2026-04-21T17:00:12.321021+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}