6 matches found
CVE-2024-3729
The CVE-2024-3729 issue affects the Frontend Admin by DynamiApps WordPress plugin. It is caused by improper missing encryption exception handling in the fea_encrypt function, and is exploitable on all versions up to and including 3.19.4 when the OpenSSL PHP extension is not loaded. This allows un...
CVE-2024-11721
CVE-2024-11721 concerns Frontend Admin by DynamiApps (WordPress)
CVE-2024-11722
CVE-2024-11722 (Frontend Admin by DynamiApps, WordPress) is an SQL Injection affecting all versions up to 3.25.1, caused by insufficient escaping of the user-supplied orderby parameter and inadequate query preparation. Exploitation requires unauthenticated access with permission to view form subm...
CVE-2025-26987
CVE-2025-26987 describes a Reflected Cross-Site Scripting (XSS) vulnerability in Frontend Admin by DynamiApps (often listed as Frontend Admin by DynamiApps). The initial description states an XSS condition in the Shabti Kaplan Frontend Admin by DynamiApps and indicates affected versions from n/a ...
CVE-2024-11720
CVE-2024-11720 affects the WordPress plugin Frontend Admin by DynamiApps (ACF Frontend Form Element). The issue is Stored Cross-Site Scripting via submission forms on the new Taxonomy form in all versions up to 3.24.5, caused by insufficient input sanitization and output escaping. Exploitation is...
CVE-2023-51411
CVE-2023-51411 describes an Unrestricted Upload of File with Dangerous Type in Frontend Admin by DynamiApps. Affected product: Frontend Admin by DynamiApps ( DynamiApps plugin ); vulnerable component: upload handling that allows arbitrary file uploads. Scope: from n/a through 3.18.3. Impact as pe...