PT-2024-38901 · WordPress · Frontend Dashboard

Lucio Sá · Published 2024-09-09 · Updated 2024-09-26 · CVE-2024-8268

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions up to, and including, 2.2.4
Description: The issue is caused by insufficient filtering of the callable methods/functions reachable through the plugin's ajax request() function, which allows authenticated attackers with subscriber-level access and above to call arbitrary functions. This can be leveraged for privilege escalation by changing users' passwords.
Recommendations: For versions up to, and including, 2.2.4, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the ajax request() function to minimize the risk of exploitation. Additionally, restrict the ability to call arbitrary functions to prevent privilege escalation.
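To make the weakness and the recommended fix concrete, the following is an added illustrative example, not the Frontend Dashboard plugin's own code. It contrasts a hypothetical AJAX dispatcher that lets the request name the PHP callable to run (the vulnerable pattern the advisory describes) with a hardened version that only dispatches to a fixed allowlist of handlers, verifies a nonce, and checks the caller's capability per action. The hook names, action names, nonce name and handler functions are all assumed for illustration; the WordPress API calls (`add_action`, `check_ajax_referer`, `current_user_can`, `wp_send_json_*`, `sanitize_key`, `wp_unslash`) are real.

```php
<?php
// Added illustrative example; not the plugin's actual code.
// Hook names, action names, nonce name and handlers are assumed.

// --- Vulnerable pattern: the request decides which function runs --------
// is_callable() only tells you the name resolves; it is not an
// authorization check, so any logged-in user can reach any callable.
add_action( 'wp_ajax_fed_example_request_vulnerable', function () {
    $callback = isset( $_POST['callback'] ) ? wp_unslash( $_POST['callback'] ) : '';
    $args     = isset( $_POST['args'] ) ? (array) wp_unslash( $_POST['args'] ) : array();
    if ( is_callable( $callback ) ) {
        wp_send_json_success( call_user_func_array( $callback, $args ) );
    }
    wp_send_json_error( 'bad callback', 400 );
} );

// --- Hardened pattern: allowlist + nonce + capability per action --------
// The map is the only place a handler can come from; the request can only
// pick a key, never a function name.
function fed_example_action_map() {
    return array(
        'get_profile' => array( 'cap' => 'read',       'handler' => 'fed_example_get_profile' ),
        'update_bio'  => array( 'cap' => 'edit_posts', 'handler' => 'fed_example_update_bio' ),
    );
}

// Handlers receive only the acting user's ID; they never trust a user ID
// from the request, so one user cannot act on another's account.
function fed_example_get_profile( $user_id ) {
    $user = get_userdata( $user_id );
    return $user ? array( 'display_name' => $user->display_name ) : null;
}

function fed_example_update_bio( $user_id ) {
    $bio = isset( $_POST['bio'] ) ? sanitize_textarea_field( wp_unslash( $_POST['bio'] ) ) : '';
    update_user_meta( $user_id, 'description', $bio );
    return array( 'updated' => true );
}

// Resolve an action name to a handler, enforcing the per-action capability.
// Returns the handler name on success, or a WP_Error describing the refusal.
function fed_example_resolve( $action, $user_id ) {
    $map = fed_example_action_map();
    if ( ! isset( $map[ $action ] ) ) {
        return new WP_Error( 'unknown_action', 'Unknown action', array( 'status' => 400 ) );
    }
    if ( ! user_can( $user_id, $map[ $action ]['cap'] ) ) {
        return new WP_Error( 'forbidden', 'Insufficient capability', array( 'status' => 403 ) );
    }
    return $map[ $action ]['handler'];
}

add_action( 'wp_ajax_fed_example_request', function () {
    // Nonce check first: rejects cross-site requests and stale forms.
    check_ajax_referer( 'fed_example_nonce', 'nonce' );

    // sanitize_key() reduces the action to [a-z0-9_-], matching the map keys.
    $action  = isset( $_POST['fed_action'] ) ? sanitize_key( wp_unslash( $_POST['fed_action'] ) ) : '';
    $handler = fed_example_resolve( $action, get_current_user_id() );

    if ( is_wp_error( $handler ) ) {
        $data = $handler->get_error_data();
        wp_send_json_error( $handler->get_error_message(), isset( $data['status'] ) ? $data['status'] : 400 );
    }
    wp_send_json_success( call_user_func( $handler, get_current_user_id() ) );
} );
```

The design point is that the attack surface shrinks to the keys of `fed_example_action_map()`: adding a new operation means adding a handler and stating the capability it needs, and a sensitive operation such as a password change would get its own entry with its own capability check rather than being reachable through a generic "call whatever the request names" path. When reviewing a plugin for this class of issue, look for `call_user_func`, `call_user_func_array`, variable functions (`$name()`) or `$obj->$method()` whose name originates in `$_GET`/`$_POST`/`$_REQUEST` without an intervening allowlist.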

Fix

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2024-8268

Affected Products: Frontend Dashboard