PT-2024-27449 · Dynamiapps · The Frontend Admin

István Márton · Published 2024-05-02 · Updated 2024-05-02

CVE-2024-3729 · CVSS v3.1 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Frontend Admin by DynamiApps plugin for WordPress, versions up to and including 3.19.4.

Description: The issue stems from missing exception handling in the fea encrypt function when encryption is unavailable. This allows unauthenticated attackers to manipulate the user processing forms, potentially leading to privilege escalation by adding or editing administrator users, authentication bypass by automatically logging in users, or injection of arbitrary web scripts through the post processing form. Exploitation is conditional on the 'openssl' PHP extension not being loaded on the server.

Recommendations: For versions up to and including 3.19.4, update to a version higher than 3.19.4 to resolve the issue. As a temporary workaround, consider disabling the fea encrypt function until a patch is applied. Ensure the 'openssl' PHP extension is loaded on the server to prevent exploitation.
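To make the weakness class concrete, here is an added illustration (not the plugin's code, and not from this advisory's author) of the pattern the description points at: an encryption helper that silently degrades to a pass-through when the openssl extension is absent, beside a fail-closed version, plus the availability check the recommendation calls for. Function names, the cipher mode and the key handling are assumptions.

```php
<?php
// Hypothetical helpers illustrating CWE-754 style "improper check for
// exceptional conditions" around openssl availability. Not plugin code.

const FEA_METHOD = 'aes-256-cbc'; // assumed cipher mode

// Weak pattern: if the openssl extension is not loaded, openssl_encrypt()
// does not exist and the helper quietly returns the plaintext. Downstream
// code that trusts the result as "encrypted" then accepts cleartext values,
// which is the condition the advisory describes.
function fea_encrypt_weak(string $plaintext, string $key): string {
    if (!function_exists('openssl_encrypt')) {
        return $plaintext; // silent fallback: the defect
    }
    $iv = random_bytes(openssl_cipher_iv_length(FEA_METHOD));
    $ct = openssl_encrypt($plaintext, FEA_METHOD, $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

// Hardened pattern: fail closed. A missing extension or a failed encryption
// call is an error the caller must handle, never a usable return value.
function fea_encrypt_safe(string $plaintext, string $key): string {
    if (!extension_loaded('openssl') || !function_exists('openssl_encrypt')) {
        throw new RuntimeException('openssl extension not loaded; refusing to proceed');
    }
    $iv = random_bytes(openssl_cipher_iv_length(FEA_METHOD));
    $ct = openssl_encrypt($plaintext, FEA_METHOD, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $ct);
}

// Defender-side check matching the recommendation: confirm openssl is loaded
// before relying on any feature that depends on it. Can be run with
// `php this_file.php` on the host, or via `wp eval-file this_file.php`.
function fea_openssl_available(): bool {
    return extension_loaded('openssl') && function_exists('openssl_encrypt');
}

if (PHP_SAPI === 'cli') {
    echo fea_openssl_available() ? "openssl: loaded\n" : "openssl: MISSING\n";
}
```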

Fix

Weakness Enumeration: Improper Check for Exceptional Conditions

Related Identifiers: CVE-2024-3729

Affected Products: The Frontend Admin