CVE-2025-14741
Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form ElementThe Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated attackers to delete arbitrary posts, pages, products, taxonomy terms, and user accounts.
We have discovered 1,354 live websites that are affected by CVE-2025-14741.
Affected Software
| Product |  Acf Frontend Form Element |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,354 live websites (93% of Acf Frontend Form Element install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 62 versions ( 82% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jan 9, 2026
- Updated - Jan 9, 2026
Credits
- andrea bocchetti (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14741 United States | 386 websites |
 Germany | 132 websites |
 France | 111 websites |
 GB | 66 websites |
 Spain | 51 websites |
 Brazil | 42 websites |
 Japan | 42 websites |
 Italy | 39 websites |
 Switzerland | 33 websites |
 Denmark | 33 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14741| .com | 484 websites |
| .org | 124 websites |
| .fr | 63 websites |
| .de | 61 websites |
| .com.br | 37 websites |
| .net | 36 websites |
| .co.uk | 33 websites |
| .nl | 27 websites |
| .ch | 26 websites |
| .it | 24 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14741
Top websites that are affected by CVE-2025-14741. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.jp | Japan | **,*** | |
| *************.cu |  Cuba | **,*** | |
| *************.**.jp | Japan | ***,*** | |
| *****************.org | Italy | ***,*** | |
| ********.**.jp | Japan | ***,*** | |
| **************.org | United States | ***,*** | |
| **********.jp | Japan | ***,*** | |
| ***********.com | United States | ***,*** | |
| *******.**.jp | Japan | ***,*** | |
| **************.com | United States | ***,*** |
FAQ
CVE-2025-14741 is Missing Authorization in Acf Frontend Form Element
A total of 1,354 websites have been identified as vulnerable to CVE-2025-14741, based on global website indexing conducted by WebTechSurvey.
The Acf Frontend Form Element is affected by the CVE-2025-14741 vulnerability.
Acf Frontend Form Element versions up to and including 3.28.25 are vulnerable to CVE-2025-14741.