PT-2025-20067 · WordPress · Frontend Dashboard

Kenneth Dunn · Published 2025-05-07 · Updated 2025-05-12 · CVE-2025-4104

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress, versions 1.0 through 2.2.6

Description: The Frontend Dashboard plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function. This allows unauthenticated attackers to reset the administrator's email and password and elevate their privileges to those of an administrator.

Recommendations: For versions 1.0 through 2.2.6, consider disabling the fed_wp_ajax_fed_login_form_post() function until a patch is available to prevent exploitation. Restrict access to the administrator's account and monitor for any suspicious activity. Update to a version that includes a fix for this issue as soon as it becomes available.
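The flaw class in the description, a WordPress admin-ajax.php handler that changes account data without verifying who is calling it, is easiest to see next to a handler that performs the checks. The PHP below is an added illustration written for this advisory; it is not code from the Frontend Dashboard plugin or from its fix. The action name example_update_account, the function names, the nonce name and the request fields are all assumed for the example.

```php
<?php
// Added illustration for the advisory above (not Frontend Dashboard's code).
// Action name, function names, nonce name and request fields are assumed.

// The pattern the advisory describes: a sensitive update reachable through
// admin-ajax.php by unauthenticated callers (wp_ajax_nopriv_*) with no
// capability check, so anyone can rewrite an arbitrary account.
add_action( 'wp_ajax_nopriv_example_update_account', 'example_update_account_unchecked' );
add_action( 'wp_ajax_example_update_account', 'example_update_account_unchecked' );
function example_update_account_unchecked() {
    wp_update_user( array(
        'ID'         => absint( $_POST['user_id'] ?? 0 ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'user_pass'  => (string) wp_unslash( $_POST['password'] ?? '' ),
    ) );
    wp_send_json_success();
}

// Hardened form: registered for logged-in users only (no wp_ajax_nopriv_ hook),
// and every request is checked for a nonce and for the capability to edit the
// targeted account before anything is changed.
add_action( 'wp_ajax_example_update_account', 'example_update_account_checked' );
function example_update_account_checked() {
    // 1. CSRF: the request must carry a nonce minted for this action
    //    (wp_create_nonce( 'example_update_account' ) on the form side).
    check_ajax_referer( 'example_update_account', 'nonce' );

    $user_id = absint( $_POST['user_id'] ?? 0 );

    // 2. Authorization: 'edit_user' is a meta capability that WordPress maps
    //    to 'edit_users' for other accounts and grants for the caller's own.
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Non-administrators must never be able to modify administrator
    //    accounts, even when they hold edit_users.
    if ( user_can( $user_id, 'manage_options' ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Only apply fields that were actually supplied and are well-formed.
    $args  = array( 'ID' => $user_id );
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( '' !== $email && is_email( $email ) ) {
        $args['user_email'] = $email;
    }
    $password = (string) wp_unslash( $_POST['password'] ?? '' );
    if ( '' !== $password ) {
        $args['user_pass'] = $password;
    }

    $result = wp_update_user( $args );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'id' => $result ) );
}
```

The ordering matters: the nonce check stops cross-site requests, the capability check stops authenticated low-privilege users, and dropping the wp_ajax_nopriv_ registration stops unauthenticated callers entirely, which is the population the advisory says can reach the vulnerable function. For detection while a site is still on an affected version, the recommendation to monitor the administrator account maps naturally to alerting on changes to an administrator's user_email or user_pass that are not preceded by an authenticated admin session.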

Fix

LPE

Improper Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-4104

Affected Products: Frontend Dashboard