{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14397", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-10T00:29:21.258Z", "datePublished": "2025-12-13T04:31:22.541Z", "dateUpdated": "2026-04-08T16:41:42.941Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:41:42.941Z"}, "affected": [{"vendor": "franciscopalacios", "product": "Postem Ipsum", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary user accounts with the administrator role."}], "title": "Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/229c146d-3f99-4f63-9a6f-997075846815?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/postem-ipsum/trunk/admin/postem-ipsum-admin.php#L1150"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-12-12T16:05:44.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T15:21:18.990884Z", "id": "CVE-2025-14397", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T15:34:31.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14397", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-15T15:21:18.990884Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T15:21:20.064Z"}}], "cna": {"title": "Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "franciscopalacios", "product": "Postem Ipsum", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-12T16:05:44.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/229c146d-3f99-4f63-9a6f-997075846815?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/postem-ipsum/trunk/admin/postem-ipsum-admin.php#L1150"}], "descriptions": [{"lang": "en", "value": "The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary user accounts with the administrator role."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-13T04:31:22.541Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14397", "state": "PUBLISHED", "dateUpdated": "2025-12-15T15:34:31.743Z", "dateReserved": "2025-12-10T00:29:21.258Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-13T04:31:22.541Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary user accounts with the administrator role."}], "id": "CVE-2025-14397", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-13T16:16:49.413", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/postem-ipsum/trunk/admin/postem-ipsum-admin.php#L1150"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/229c146d-3f99-4f63-9a6f-997075846815?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T16:08:59.673723+00:00", "value": {"mitigation_remediation": ["Upgrade Postem Ipsum to 3.0.2 or later where the capability check has been added", "If an immediate upgrade is not possible, remove or comment out the postem_ipsum_generate_users function in the plugin\u2019s code to prevent its execution", "Enforce stricter role permissions by ensuring only administrators can access any user\u2011generation functionalities", "Monitor the site for sudden creation of administrator accounts and roll back any unauthorized changes"], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "Vendor: franciscopalacios; Product: Postem Ipsum. Versions 3.0.1 and all earlier releases are vulnerable. No further sub\u2011versions or product variations are listed, so all builds up to and including 3.0.1 should be considered affected.", "description_and_impact": "The Postem Ipsum plugin contains a missing capability check in the postem_ipsum_generate_users() function, allowing an authenticated user with Subscriber-level access or higher to create new user accounts with administrator privileges. This flaw enables attackers to elevate their privileges and compromise the integrity of the WordPress site, without affecting availability or confidentiality directly. The vulnerability is a classic privilege escalation via inadequate authorization control (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 8.8 classifies the issue as critical severity, yet the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The lack of a KEV listing further suggests limited current exploitation activity. An attacker would need to be authenticated as a Subscriber or higher role and possess access to the WordPress dashboard or API to trigger the vulnerable function, so the attack vector is local to a logged\u2011in user. Given the high impact and sufficient authentication prerequisites, the risk to affected installations is moderate to high, especially on sites that grant Subscriber access. The risk is mitigated by disabling the vulnerable function or applying the vendor\u2019s fix."}}}}, "created": "2025-12-14T21:14:59.938218+00:00", "updated": "2026-04-22T16:15:21.790415+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}