Lucene search
K

127 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2025-14937

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS5.2AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-14736

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validatevalue', 'preupdatevalue', and 'getfieldsdisplay' functions. This makes it...

9.8CVSS5.9AI score0.00663EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/09 11:17 p.m.249 views

Exploit for CVE-2025-14736

CVE-2025-14736 Frontend Admin by DynamiApps - Unauthentica...

9.8CVSS7AI score0.00663EPSS
Exploits1
Patchstack
Patchstack
added 2026/01/09 8:25 a.m.7 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'updatefield' vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.23...

7.2CVSS5.8AI score0.00267EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/09 8:15 a.m.4 views

CVE-2025-14937

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/01/09 8:15 a.m.9 views

CVE-2025-14741

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.31 views

CVE-2025-14741 Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS0.00353EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.2 views

CVE-2025-14741 Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS5.1AI score0.00353EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 7:22 a.m.20 views

CVE-2025-14741

CVE-2025-14741 affects Frontend Admin by DynamiApps (WordPress) up to version 3.28.25. The issue is missing authorization for data deletion via the delete_object path, enabling unauthenticated attackers to delete posts, pages, products, taxonomy terms, and user accounts. Wordfence’s coverage conf...

9.1CVSS5.1AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.26 views

CVE-2025-14937 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.2 views

CVE-2025-14937 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS4.9AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 7:22 a.m.18 views

CVE-2025-14937

CVE-2025-14937 : Frontend Admin by DynamiApps for WordPress is vulnerable to unauthenticated stored XSS via the acff parameter in the AJAX action frontend_admin/forms/update_field. Affected versions are all up to and including 3.28.23 due to insufficient input sanitization and output escaping. Wo...

7.2CVSS4.9AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/01/09 7:16 a.m.7 views

CVE-2025-14736

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validatevalue', 'preupdatevalue', and 'getfieldsdisplay' functions. This makes it...

9.8CVSS0.00663EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/01/09 7:10 a.m.12 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Unauthenticated Privilege Escalation to Administrator via Role Form Field vulnerability

Unauthenticated Privilege Escalation to Administrator via Role Form Field vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...

9.8CVSS6.9AI score0.00663EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/01/09 7:2 a.m.8 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability

Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...

9.1CVSS7AI score0.00353EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/09 6:34 a.m.5 views

CVE-2025-14736 Frontend Admin by DynamiApps <= 3.28.25 - Unauthenticated Privilege Escalation to Administrator via Role Form Field

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the 'validatevalue', 'preupdatevalue', and 'getfieldsdisplay' functions. This makes it...

9.8CVSS5.8AI score0.00663EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/09 6:34 a.m.34 views

CVE-2025-14736 Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validatevalue', 'preupdatevalue', and 'getfieldsdisplay' functions. This makes it...

9.8CVSS0.00663EPSS
Exploits1References3
CVE
CVE
added 2026/01/09 6:34 a.m.58 views

CVE-2025-14736

CVE-2025-14736 affects the WordPress plugin Frontend Admin by DynamiApps . Multiple connected sources describe a Privilege Escalation vulnerability up to version 3.28.25 caused by insufficient validation of user-supplied role values in functions like validate_value, pre_update_value, and get_fiel...

9.8CVSS5.9AI score0.00663EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.8 views

PT-2026-1753

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions through 3.28.25 Description The Frontend Admin by DynamiApps plugin for WordPress is affected by a missing authorization check, allowing unauthorized data modification and deletion. Specifically, a missing...

9.1CVSS6.2AI score0.00353EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.7 views

WordPress plugin WP Table Builder – Drag & Drop Table Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.1CVSS6.6AI score0.00353EPSS
Exploits0References2
Rows per page
Query Builder