CVE-2025-14080 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2025-14080?

CVE-2025-14080 has a CVSS score of 5.3 (MEDIUM). This vulnerability allows unauthenticated attackers to modify any WordPress post by exploiting missing authorization checks in the Frontend Post Submission Manager Lite plugin. Attackers can change post titles, content, excerpts, and remove authors without authentication. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to modify any WordPress post by exploiting missing authorization checks in the Frontend Post Submission Manager Lite plugin. Attackers can change post titles, content, excerpts, and remove authors without authentication. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

Frontend Post Submission Manager Lite WordPress plugin

Versions: All versions up to and including 1.2.5

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Any WordPress site with the vulnerable plugin enabled is affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could deface entire websites, inject malicious content, delete legitimate posts, or compromise site integrity by modifying critical content.

🟠

Likely Case

Website defacement, content manipulation, SEO poisoning, or injection of malicious links/scripts into posts.

🟢

If Mitigated

Limited impact if proper web application firewalls and monitoring are in place to detect unauthorized post modifications.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted AJAX requests to the fpsml_form_process endpoint with post_id parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.2.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3419835%40frontend-post-submission-manager-lite&new=3419835%40frontend-post-submission-manager-lite&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find 'Frontend Post Submission Manager Lite'. 4. Click 'Update Now' if update available. 5. If no update, deactivate and delete plugin, then install latest version from WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate the Frontend Post Submission Manager Lite plugin until patched.

wp plugin deactivate frontend-post-submission-manager-lite

Block AJAX endpoint

linux

Use web application firewall or .htaccess to block access to the vulnerable AJAX endpoint.

# Add to .htaccess: RewriteRule ^wp-admin/admin-ajax\.php.*fpsml_form_process - [F,L]

🧯 If You Can't Patch

Implement strict web application firewall rules to block unauthorized AJAX requests to admin-ajax.php
Enable detailed logging of all post modification activities and monitor for unauthorized changes

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Frontend Post Submission Manager Lite version. If version is 1.2.5 or lower, you are vulnerable.

Check Version:

wp plugin get frontend-post-submission-manager-lite --field=version

Verify Fix Applied:

After update, verify plugin version is higher than 1.2.5. Test by attempting unauthorized post modification (in controlled environment).

📡 Detection & Monitoring

Log Indicators:

Unauthorized POST requests to /wp-admin/admin-ajax.php with action=fpsml_form_process
Unexpected post modifications from unauthenticated users
Multiple failed authorization attempts on post update functions

Network Indicators:

HTTP POST requests to admin-ajax.php with fpsml_form_process parameter from unauthenticated sources
Unusual spike in AJAX requests to WordPress backend

SIEM Query:

source="wordpress.log" AND ("admin-ajax.php" AND "fpsml_form_process") AND NOT (authenticated_user=*)

📊 Metadata

CVE ID: CVE-2025-14080

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-862

EPSS Score: 0.09% exploit probability (25.7th percentile)

Published: December 21, 2025

Last Updated: December 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14080, you might also want to check these: