PT-2026-1758 · Dynamiapps+1 · Frontend Admin By Dynamiapps+1
Paolo Tresso
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-14937
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Frontend Admin by DynamiApps versions up to and including 3.28.23
Description
The Frontend Admin by DynamiApps plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the
acff parameter within the 'frontend admin/forms/update field' API Endpoint. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. The vulnerable parameter is acff.Recommendations
Versions prior to 3.28.23 should be updated to a later version.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frontend Admin
Frontend Admin By Dynamiapps