Lucene search
+L

4 matches found

Circl
Circl
added 2025/05/13 7:30 a.m.29 views

CVE-2025-4474

creationtimestamp| type| source ---|---|--- 2025-05-13 07:30:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16081 2025-05-13 08:47:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp23xraf342w 2025-05-13 11:21:39+00:00| seen| https://t.me/cvedetector/25173 2025-06-25...

8.8CVSS8.7AI score0.00374EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/13 6:40 a.m.12 views

CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...

8.8CVSS8.5AI score0.00374EPSS
Exploits0References5
CVE
CVE
added 2025/05/13 6:40 a.m.53 views

CVE-2025-4474

CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...

8.8CVSS8.5AI score0.00374EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/05/12 8:39 p.m.9 views

WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...

8.8CVSS8.3AI score0.00374EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder