5 matches found

RedhatCVE
added 2026/01/13 10:52 p.m., 2 views

CVE-2025-14937

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, AI score 5.2, EPSS 0.00061
Exploits: 0, References: 1
NVD
added 2026/01/09 8:15 a.m., 1 views

CVE-2025-14937

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, EPSS 0.00061
Exploits: 0, References: 2
Vulnrichment
added 2026/01/09 7:22 a.m., 2 views

CVE-2025-14937 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, AI score 4.9, EPSS 0.00061
Exploits: 0, References: 2
Positive Technologies
added 2026/01/09 12:0 a.m., 3 views

PT-2026-1758

Name of the Vulnerable Software and Affected Versions: Frontend Admin by DynamiApps versions up to and including 3.28.23

Description: The Frontend Admin by DynamiApps plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escapi...

CVSS 7.2, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 6
CVE
added 2021/12/13 6:40 a.m., 55 views

CVE-2021-20867

CVE-2021-20867 affects Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11. The root cause is a missing authorization mechanism for moving field groups, which could allow an attacker to move field groups they should not access via unspecified vectors. Public sources in the connected d...

CVSS 6.5, AI score 6.4, EPSS 0.00746
Exploits: 0, References: 3, Affected Software: 1