Lucene search
+L

146 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 3:27 a.m.14 views

CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS6AI score0.00402EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.19 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00433EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44179

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/05/15 10:31 a.m.15 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.26 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/15 7:46 a.m.14 views

EUVD-2026-30513

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.11 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References6
CVE
CVE
added 2026/05/15 7:46 a.m.51 views

CVE-2026-6228

The CVE concerns the WordPress plugin Frontend Admin by DynamiApps (up to version 3.28.36). A privilege escalation flaw arises from insufficient authorization checks in the role field update mechanism combined with permissive capabilities for the admin_form post type. The admin_form CPT uses capa...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.67 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.20 views

PT-2026-41274

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37 Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin...

8.8CVSS5.9AI score0.00325EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/04/18 9:49 a.m.134 views

Exploit for CVE-2025-13342

CVE-2025-13342 Frontend Admin by DynamiApps = 3.28.20 - Un...

9.8CVSS5.7AI score0.00464EPSS
Exploits2
Patchstack
Patchstack
added 2026/03/30 11:21 a.m.6 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts vulnerability

Authenticated Editor+ PHP Object Injection via 'postcontent' of Admin Form Posts vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.31...

7.2CVSS5.9AI score0.00533EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/26 6:30 a.m.7 views

EUVD-2026-16086

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS6.2AI score0.00533EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/26 2:25 a.m.30 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS0.00533EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 2:25 a.m.1 views

CVE-2026-3328 Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS6.2AI score0.00533EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 2:25 a.m.32 views

CVE-2026-3328

Affected: Frontend Admin by DynamiApps (WordPress). Vulnerable component: PHP deserialization of admin_form post_content via maybe_unserialize() with no class restrictions. Impact: authenticated attackers with Editor+ can inject a PHP Object; presence of a POP chain enables remote code execution....

7.2CVSS6.2AI score0.00533EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

WordPress plugin Frontend Admin by DynamiApps 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.2CVSS5.9AI score0.00533EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/03 9:40 a.m.13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions = 3.24.5...

8.1CVSS5.3AI score0.0054EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder