CVE-2025-14718

Name of the Vulnerable Software and Affected Versions PublishPress Future versions through 4.9.3

Description The Schedule Post Changes With PublishPress Future plugin for WordPress has an authorization bypass issue. The plugin does not properly verify user authorization, allowing authenticated attackers with Contributor-level access or higher to create, update, delete, and publish malicious workflows. These workflows can automatically delete any post upon publication or update, potentially including posts created by administrators.

Recommendations Update PublishPress Future to a version later than 4.9.3.