PT-2026-41274 · Dynamiapps · Frontend Admin
Colin Xu
·
Published
2026-05-15
·
Updated
2026-06-22
·
CVE-2026-6228
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Frontend Admin by DynamiApps versions prior to 3.28.37
Description
Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the
admin form post type allow for privilege escalation. The admin form custom post type uses capability type set to page, enabling editors to create and edit forms. By submitting POST data to the 'wp-admin/post.php' endpoint, an editor can bypass UI restrictions in feadmin get user roles() to include 'administrator' in the role options array of an edit user form. The pre update value() function in class-role.php validates that the submitted role exists in the role options array but does not verify if the user has permission to assign that role. This allows unauthenticated attackers to register as editors via a public new user form, create an edit user form with administrator roles, and escalate their privileges to administrator.Recommendations
Update the plugin to a version later than 3.28.36.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frontend Admin