4 matches found
CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...
PT-2025-20837 · WordPress · Frontend Dashboard
Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions 1.0 through 2.2.7
Description: The issue is related to a missing capability check in the ajax request function, allowing authenticated attackers with Subscriber-level access or higher to contro...
CVE-2025-4104
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedwpajaxfedloginformpost function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate...
CVE-2024-8268
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...