Lucene search
K

33 matches found

Cvelist
Cvelist
added 2025/12/03 12:29 p.m.24 views

CVE-2025-13342 Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8CVSS0.00464EPSS
Exploits2References2
EUVD
EUVD
added 2025/12/03 12:29 p.m.10 views

EUVD-2025-200979

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8CVSS5.5AI score0.00464EPSS
Exploits2References3
Patchstack
Patchstack
added 2025/12/03 7:3 a.m.17 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.20 - Unauthenticated Arbitrary Options Update vulnerability

Unauthenticated Arbitrary Options Update vulnerability discovered by YCInfosec in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.20...

9.8CVSS6.7AI score0.00464EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2025/08/12 12:34 p.m.5 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.3...

8.5CVSS7.8AI score0.00251EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/25 2:16 p.m.7 views

CVE-2025-26987 WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Reflected XSS.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.25.17...

7.1CVSS8.6AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/25 2:16 p.m.17 views

CVE-2025-26987 WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Reflected XSS.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.25.17...

7.1CVSS0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.5 views

WordPress plugin Frontend Admin by DynamiApps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

7.1CVSS8AI score0.00286EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/23 9:9 p.m.3 views

WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Frontend Admin by DynamiApps versions = 3.25.17...

7.1CVSS6.1AI score0.00286EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/12/20 9:12 p.m.6 views

WordPress Frontend Admin by DynamiApps plugin <= 3.25.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Max Boll b0lli in WordPress Plugin Frontend Admin by DynamiApps versions = 3.25.1...

5.9CVSS8.1AI score0.00604EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/12/14 9:15 a.m.3 views

CVE-2024-11721

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated...

8.1CVSS7.3AI score0.0054EPSS
Exploits0References2
OSV
OSV
added 2024/12/14 9:15 a.m.4 views

CVE-2024-11720

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated...

6.1CVSS5.9AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 8:26 a.m.20 views

CVE-2024-11721 Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated...

8.1CVSS0.0054EPSS
Exploits0References2
CVE
CVE
added 2024/12/14 8:26 a.m.72 views

CVE-2024-11721

CVE-2024-11721 concerns Frontend Admin by DynamiApps (WordPress)

8.1CVSS8.3AI score0.0054EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder