PT-2026-1752 · Dynamiapps+1 · Frontend Admin+1
Andrea Bocchetti · Published 2026-01-09 · Updated 2026-01-23
CVE-2025-14736
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Frontend Admin by DynamiApps versions through 3.28.25
Description
The Frontend Admin by DynamiApps plugin for WordPress has a flaw that allows unauthenticated attackers to register as administrators and gain complete control of a site. This is possible because user-supplied role values are not adequately validated in the validate value, pre update value, and get fields display functions. To exploit this issue, an attacker needs access to a user registration form that includes a Role field.
Recommendations
Versions prior to 3.28.25 should be updated.
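The Description attributes the flaw to role values from the form not being adequately validated. The following is an added example, not the plugin's code, of the server-side check that closes this class of bug: the submitted role must be one of the choices configured for the field and must not carry privileged capabilities unless the submitter is allowed to assign roles. The function name, the capability shortlist and the sample role table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Capabilities that mark a role as privileged (constructed shortlist for this example).
const PRIVILEGED_CAPS = ['manage_options', 'promote_users', 'edit_users', 'create_users'];

/**
 * Decide which role a registration submission may receive (hypothetical helper).
 *
 * @param mixed    $submitted    Raw value of the form's Role field (client-controlled).
 * @param string[] $fieldChoices Roles the form author configured as selectable.
 * @param array    $roleCaps     Map of role slug => list of capabilities on the site.
 * @param bool     $canPromote   True only if the submitter is logged in and may assign roles.
 * @param string   $default      Role to fall back to when the submitted value is refused.
 */
function resolve_registration_role($submitted, array $fieldChoices, array $roleCaps,
                                   bool $canPromote, string $default = 'subscriber'): string
{
    // Arrays and other non-string input are never a valid role.
    if (!is_string($submitted)) {
        return $default;
    }
    // The role must exist on the site AND be one of the choices configured
    // for this field, not merely any value the client sent.
    if (!isset($roleCaps[$submitted]) || !in_array($submitted, $fieldChoices, true)) {
        return $default;
    }
    // Even a configured choice is refused when it grants privileged
    // capabilities and the submitter is not allowed to assign roles.
    if (!$canPromote && array_intersect(PRIVILEGED_CAPS, $roleCaps[$submitted])) {
        return $default;
    }
    return $submitted;
}

// Constructed sample data: a site role table and a form that offers two roles.
$roles   = ['administrator' => ['manage_options', 'promote_users'],
            'author'        => ['publish_posts'],
            'subscriber'    => ['read']];
$choices = ['subscriber', 'author'];

// Unauthenticated submissions: only "author" is honoured, the rest fall back.
foreach (['author', 'administrator', 'Administrator ', ['administrator'], 'nope'] as $input) {
    printf("%-20s => %s\n", json_encode($input),
           resolve_registration_role($input, $choices, $roles, false));
}
```

The same decision has to be enforced at every point where the role value is read or written, since a check applied only when the form is rendered does not constrain what a client submits.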
Fix
LPE
Improper Privilege Management
Weakness Enumeration
Related identifiers
Affected products
Frontend Admin
WordPress