CVE-2025-13419 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...

CVE-2025-13419 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion

The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...

PT-2026-1602

Name of the Vulnerable Software and Affected Versions WP Front User Submit plugin for WordPress versions up to and including 5.0.0 Description The plugin is susceptible to unauthorized data modification because of a missing capability check on the /wp-json/bfe/v1/revert API endpoint. This allows...

PT-2025-45065

Name of the Vulnerable Software and Affected Versions Features plugin for WordPress versions up to and including 0.0.2 Description The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...