CVE-2025-4474

Name of the Vulnerable Software and Affected Versions Frontend Dashboard plugin for WordPress versions 1.0 through 2.2.7

Description The issue is related to a missing capability check on the fed admin setting form function() function. This allows authenticated attackers with Subscriber-level access and above to overwrite the plugin's 'register' role setting, making new user registrations default to the administrator role. This results in an elevation of privileges to that of an administrator.

Recommendations For versions 1.0 through 2.2.7, as a temporary workaround, consider disabling the fed admin setting form function() function until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.