PT-2026-44179 · Dynamiapps · Frontend Admin
Tiago Ventura
·
Published
2026-05-28
·
Updated
2026-05-29
·
CVE-2026-7802
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Frontend Admin by DynamiApps versions prior to 3.29.3
Description
An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level access or higher can overwrite an administrator's profile fields, including
user pass, user email, first name, and last name, by providing an arbitrary user id value. This allows for full administrator account takeover through direct password replacement or email-redirect password resets. This issue occurs when the Edit-User form has its 'Roles' configuration setting left empty; if a non-empty roles list is configured, the load data() function sets the user ID to 'none' for unauthorized users, preventing the targeting of administrators.Recommendations
Update the plugin to a version later than 3.29.2.
As a temporary mitigation, ensure the 'Roles' configuration setting in the Edit-User form is not left empty to prevent unauthorized users from targeting administrator accounts via the
load data() function.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frontend Admin