CVE-2025-49303
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-04

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.7.
Meta Information
Published: 2025-07-04
Last Modified: 2026-04-23
Generated: 2026-05-06
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
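The CWE-22 definition above is abstract; the following added example (written for this page, not code from the Frontend Admin plugin or from Patchstack) shows the weakness and its fix on a hypothetical file-download handler. The directory layout, the `report.csv` and `wp-config.php` stand-in files and the symlink are all constructed fixtures. The vulnerable form concatenates the user-supplied name onto the base directory; the hardened form resolves the result with `realpath` (so `..` segments and symlinks are followed first) and then checks containment on path components with `commonpath`, which also rejects NUL bytes and absolute paths.

```python
"""Containment check for a file-download handler (CWE-22).

Added example, not code from the Frontend Admin plugin: a hypothetical
download endpoint receives a user-supplied file name and must only serve
files located underneath one restricted directory.
"""
import os
import tempfile
from typing import Optional

# Constructed fixture: an "uploads" tree with one legitimate export file,
# a sensitive stand-in file one level above it, and a symlink inside the
# allowed tree that points at that sensitive file.
ROOT = tempfile.mkdtemp(prefix="cwe22-demo-")
UPLOADS = os.path.join(ROOT, "uploads")
os.makedirs(os.path.join(UPLOADS, "exports"))
with open(os.path.join(UPLOADS, "exports", "report.csv"), "w") as fh:
    fh.write("id,name\n1,demo\n")
with open(os.path.join(ROOT, "wp-config.php"), "w") as fh:
    fh.write("<?php /* constructed stand-in for a sensitive file */\n")
os.symlink(os.path.join(ROOT, "wp-config.php"), os.path.join(UPLOADS, "escape"))


class PathRejected(ValueError):
    """Raised when the requested name would resolve outside the base directory."""


def vulnerable_download_path(base_dir: str, requested: str) -> str:
    """The CWE-22 pattern: join the untrusted name and trust the result.

    os.path.join discards base_dir entirely when `requested` is absolute,
    and '..' segments walk out of base_dir without any check.
    """
    return os.path.join(base_dir, requested)


def safe_download_path(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` only if it stays inside base_dir."""
    if "\x00" in requested:
        raise PathRejected("NUL byte in file name")
    if os.path.isabs(requested):
        raise PathRejected("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks before we compare.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so '/srv/uploads2' is not
    # mistaken for a child of '/srv/uploads' the way a string prefix test would.
    if os.path.commonpath([base, target]) != base:
        raise PathRejected(f"{requested!r} resolves outside {base_dir}")
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    return target


def check(requested: str) -> str:
    """Classify one request against the fixture: 'served', 'rejected' or 'missing'."""
    try:
        safe_download_path(UPLOADS, requested)
        return "served"
    except PathRejected:
        return "rejected"
    except FileNotFoundError:
        return "missing"


if __name__ == "__main__":
    for name in ("exports/report.csv", "../wp-config.php", "escape",
                 "exports/../../wp-config.php", "/etc/passwd", "exports/nope.csv"):
        naive = os.path.normpath(vulnerable_download_path(UPLOADS, name))
        print(f"{name:30} vulnerable -> {naive}")
        print(f"{'':30} hardened   -> {check(name)}")
```

The symlink case is the one most ad-hoc filters miss: the requested name `escape` contains no dots or slashes at all, yet it resolves to a file outside the base directory, which is why the check must run on the resolved path rather than on the raw string.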
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-49303 is an Arbitrary File Download vulnerability in the WordPress plugin Frontend Admin by DynamiApps, affecting versions up to 3.28.7. It allows an attacker with Editor-level privileges to download any file from the affected website, including sensitive files such as login credentials or backups. This is due to improper limitation of a pathname to a restricted directory, classified as a Path Traversal vulnerability and categorized under OWASP Top 10 A1: Broken Access Control. [1]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive files on your website, such as login credentials and backups. An attacker with Editor-level access can exploit this to download critical files, potentially compromising the security and integrity of your site. This poses a significant security risk, enabling data breaches and further attacks. The vulnerability has a medium severity with a CVSS score of 6.8, and exploitation is likely automated and opportunistic against unpatched sites. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for exploitation attempts that try to download arbitrary files via the Frontend Admin plugin by DynamiApps. Since attackers typically automate exploitation attempts, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to look for suspicious requests targeting file download parameters. Specific commands are not provided in the resources, but it is recommended to use server-side malware scanning and professional incident response tools rather than relying solely on plugin-based scanners. Monitoring web server logs for unusual file download requests or requests with path traversal patterns may help detect exploitation attempts. [1]
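The answer above recommends watching web server logs for path-traversal patterns but gives no commands. As an added example (not a Patchstack or BaseFortify tool, and not specific to the plugin's real endpoint), the following Python scanner parses combined-format access log lines, percent-decodes request paths and query parameters repeatedly so that double-encoded sequences are seen, and flags any decoded value containing a `..` segment. The log lines are constructed, and the endpoint, the `action` value and the parameter names in `DOWNLOAD_PARAMS` are assumptions about what a download feature might accept.

```python
"""Scan web-server access logs for path-traversal attempts.

Added example for the detection guidance on this page. Sample log lines are
constructed; the endpoint and parameter names are assumptions, not the
affected plugin's real interface.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# A '..' component delimited by '/' or '\' (or at either end of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Assumed parameter names a download endpoint might use.
DOWNLOAD_PARAMS = {"file", "download", "path", "filename"}

# Constructed sample: one benign download, one plain '../' attempt, one
# double-encoded attempt, one benign file whose name merely contains '..',
# and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Jul/2025:10:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=exports%2Freport.csv HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/Jul/2025:10:15:07 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3021',
    '198.51.100.9 - - [04/Jul/2025:10:16:30 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3021',
    '198.51.100.9 - - [04/Jul/2025:10:17:02 +0000] "GET /wp-content/uploads/2025/07/notes..txt HTTP/1.1" 404 153',
    '192.0.2.44 - - [04/Jul/2025:10:18:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e%252f (double-encoded ../) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_request(target: str) -> Optional[dict]:
    """Return a finding for a request target that carries traversal, else None."""
    parts = urlsplit(target)
    suspects = {"path": fully_decode(parts.path)}
    # parse_qs already decodes once; fully_decode handles further layers.
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            suspects[f"param:{key}"] = fully_decode(value)
    hits = {where: val for where, val in suspects.items() if TRAVERSAL_RE.search(val)}
    if not hits:
        return None
    touches_download = any(
        where.split(":", 1)[1] in DOWNLOAD_PARAMS
        for where in hits if where.startswith("param:")
    )
    return {"hits": hits, "download_param": touches_download}


def scan(lines) -> list:
    """Parse each log line and collect traversal findings with their context."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = analyse_request(m["target"])
        if finding:
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                # A 2xx on a traversal request means the server served something.
                "served": m["status"].startswith("2"),
                "target": m["target"], **finding,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} served={f['served']} "
              f"download_param={f['download_param']} hits={f['hits']}")
```

Two points worth carrying into a real deployment: decode before matching (a single-pass filter that looks for the literal `../` misses `%2e%2e%2f` and double-encoded variants), and treat a 2xx status on a flagged request as a possible successful read that warrants checking the file's size against what was requested.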


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attacks temporarily until the plugin is updated. The most effective action is to update the Frontend Admin plugin by DynamiApps to version 3.28.8 or later, where the vulnerability is fixed. Additionally, enabling automatic vulnerability protection and auto-updates for the plugin is recommended. In case of suspected compromise, professional incident response and server-side malware scanning should be conducted. [1]

