Lucene search
K

127 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.18 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00433EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44215

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8CVSS5.9AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44179

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References16
Patchstack
Patchstack
added 2026/05/15 10:31 a.m.13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.26 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.8 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References6
CVE
CVE
added 2026/05/15 7:46 a.m.46 views

CVE-2026-6228

The CVE concerns the WordPress plugin Frontend Admin by DynamiApps (up to version 3.28.36). A privilege escalation flaw arises from insufficient authorization checks in the role field update mechanism combined with permissive capabilities for the admin_form post type. The admin_form CPT uses capa...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.6 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.66 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41274

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37 Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin...

8.8CVSS5.9AI score0.00325EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/18 9:49 a.m.126 views

Exploit for CVE-2025-13342

CVE-2025-13342 Frontend Admin by DynamiApps = 3.28.20 - Un...

9.8CVSS5.7AI score0.00464EPSS
Exploits2
NVD
NVD
added 2026/03/26 4:17 a.m.9 views

CVE-2026-3328

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS0.00533EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 2:25 a.m.30 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS0.00533EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 2:25 a.m.1 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS6.2AI score0.00533EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 2:25 a.m.26 views

CVE-2026-3328

Affected: Frontend Admin by DynamiApps (WordPress). Vulnerable component: PHP deserialization of admin_form post_content via maybe_unserialize() with no class restrictions. Impact: authenticated attackers with Editor+ can inject a PHP Object; presence of a POP chain enables remote code execution....

7.2CVSS6.2AI score0.00533EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.18 views

PT-2026-28193

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post content' of admin form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe unserialize function without class restrictions on...

7.2CVSS6.2AI score0.00533EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/03 9:40 a.m.11 views

WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions = 3.24.5...

8.1CVSS5.3AI score0.0054EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 9:25 a.m.6 views

WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions = 3.24.5...

7.2CVSS5.3AI score0.00352EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder