PT-2026-41274 · Dynamiapps · Frontend Admin

Colin Xu

·

Published

2026-05-15

·

Updated

2026-06-22

·

CVE-2026-6228

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37
Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin form custom post type uses capability type set to page, enabling editors to create and edit forms. By submitting POST data to the 'wp-admin/post.php' endpoint, an editor can bypass UI restrictions in feadmin get user roles() to include 'administrator' in the role options array of an edit user form. The pre update value() function in class-role.php validates that the submitted role exists in the role options array but does not verify if the user has permission to assign that role. This allows unauthenticated attackers to register as editors via a public new user form, create an edit user form with administrator roles, and escalate their privileges to administrator.
Recommendations Update the plugin to a version later than 3.28.36.

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6228

Affected Products

Frontend Admin