CVE-2025-14937

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions up to and including 3.28.23

Description The Frontend Admin by DynamiApps plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the acff parameter within the 'frontend admin/forms/update field' API Endpoint. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. The vulnerable parameter is acff.

Recommendations Versions prior to 3.28.23 should be updated to a later version.