5 matches found
CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...
CVE-2025-4473
CVE-2025-4473 concerns the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). The issue is a missing capability check in the ajax_request() function, enabling authenticated users with Subscriber-level access or higher to redirect outgoing emails (e.g., SMTP) to an attacker-controlled serve...
CVE-2024-8268
CVE-2024-8268 affects the Frontend Dashboard WordPress plugin (versions
CVE-2022-48175
CVE-2022-48175 affects Rukovoditel v3.2.1. The vulnerability is described as a remote code execution (RCE) in the web path /rukovoditel/index.php?module=dashboard/ajax_request. The initial description provides the existence of an RCE but does not detail the root cause, affected subcomponents beyo...
CVE-2014-7846
tag/tagautocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request...