CVE-2024-11721

Name of the Vulnerable Software and Affected Versions The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.24.5

Description The issue is due to insufficient controls on the Role field in a form, allowing unauthenticated attackers to create new administrative user accounts. This vulnerability affects the Frontend Admin by DynamiApps plugin for WordPress, making it possible for attackers to escalate privileges even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.

Recommendations For versions up to, and including, 3.24.5, update to a version later than 3.24.5 to mitigate the risk of privilege escalation. As a temporary workaround, consider restricting access to the form that utilizes the Role field to prevent unauthenticated users from creating new administrative user accounts. Avoid providing access to the form to unauthenticated users until the issue is resolved.