2 matches found
CVE-2025-14937
creationtimestamp| type| source ---|---|--- 2026-01-09 08:40:43+00:00| seen| https://gist.github.com/Darkcrai86/71f91f53bac596a9788663f4d7c9b0e9 2026-01-09 08:56:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mby4u5yalp2e 2026-01-09 09:02:04+00:00| seen|...
CVE-2025-14937 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...