4 matches found
CVE-2025-4474
creationtimestamp| type| source ---|---|--- 2025-05-13 07:30:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16081 2025-05-13 08:47:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp23xraf342w 2025-05-13 11:21:39+00:00| seen| https://t.me/cvedetector/25173 2025-06-25...
CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...
CVE-2025-4474
CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...
WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...