CVE-2025-13342
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-04
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynamiapps | frontend_admin | 3.28.20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Frontend Admin by DynamiApps WordPress plugin allows unauthenticated attackers to modify arbitrary WordPress options because the plugin's ActionOptions::run() save handler performs insufficient capability checks and input validation (CWE-862, missing authorization). Since the handler accepts attacker-supplied option names rather than an allowlist of options the form is meant to edit, a crafted submission to a public frontend form can change critical options such as users_can_register, default_role, and admin_email.
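The pattern the advisory describes, shown as an added example in PHP that is not the plugin's own code: a save handler that maps form fields straight onto update_option(), beside a hardened version that requires the manage_options capability, verifies a nonce, and only accepts an explicit allowlist of option names. The function names, the nonce action string and the contents of the allowlist are assumptions for illustration.

```php
<?php
// Added example (not code from the Frontend Admin plugin). The function names,
// the nonce action 'frontend_admin_save_options' and the allowlist contents are
// assumptions chosen to illustrate the missing-authorization pattern (CWE-862).

/**
 * Vulnerable shape: whatever the public form posts under options[...] is written
 * to the options table. There is no capability check, no nonce, and the option
 * *name* is attacker-controlled, so users_can_register, default_role and
 * admin_email are as reachable as any other option.
 */
function vulnerable_save_options(array $post): void
{
    foreach ((array) ($post['options'] ?? []) as $name => $value) {
        update_option($name, $value);
    }
}

// Options this particular form is designed to edit (assumption).
const EDITABLE_OPTIONS = ['blogname', 'blogdescription'];

// Options that should never be writable from a frontend form, allowlist or not.
const PROTECTED_OPTIONS = ['users_can_register', 'default_role', 'admin_email', 'siteurl', 'home'];

/**
 * Hardened shape: authorization first (anonymous users never hold
 * manage_options, so this also rejects unauthenticated requests), then a
 * nonce bound to this form, then a name allowlist and a protected-option
 * denylist, then per-value sanitization before update_option().
 */
function hardened_save_options(array $post): void
{
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }
    if (!isset($post['_wpnonce']) || !wp_verify_nonce($post['_wpnonce'], 'frontend_admin_save_options')) {
        wp_die('Invalid request token', '', ['response' => 403]);
    }

    foreach ((array) ($post['options'] ?? []) as $name => $value) {
        $name = sanitize_key($name);
        if (in_array($name, PROTECTED_OPTIONS, true) || !in_array($name, EDITABLE_OPTIONS, true)) {
            continue; // drop anything the form was not built to edit
        }
        // Both allowlisted options above are plain strings; other option types
        // would need their own sanitizer.
        update_option($name, sanitize_text_field(wp_unslash((string) $value)));
    }
}
```

The order of the checks matters: the capability check is the authorization control the advisory says was missing, the nonce only adds CSRF protection for users who are already authorized, and the allowlist limits the blast radius of any future bug in the handler to options the form was meant to touch.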
How can this vulnerability impact me?
The impact is severe because the settings can be changed without any authentication. Setting users_can_register to 1 and default_role to administrator lets the attacker simply register a new account that is already an administrator; changing admin_email redirects administrative notifications to an address the attacker controls. Together these allow privilege escalation, loss of control over the site, and disruption of site operations.
What immediate steps should I take to mitigate this vulnerability?
Update the Frontend Admin by DynamiApps plugin to a release that contains the fix; this page lists 3.28.20 as affected. The fix consists of extensive security improvements to form handling and admin option management that prevent unauthenticated attackers from modifying critical options. If you cannot update immediately, deactivate the plugin until you can. Because an update does not undo changes an attacker has already made, also verify the current values of users_can_register, default_role and admin_email and review the administrator accounts on the site for any created while the vulnerable version was installed. [2]
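An added post-update audit script, not part of the plugin or of this page, that checks the three options the advisory names against a baseline the site owner knows to be correct and lists administrator accounts registered after a cut-off date. It reads the JSON produced by `wp option list --format=json` and `wp user list --role=administrator --fields=ID,user_login,user_registered --format=json`; the sample JSON embedded below is constructed for illustration, and the baseline values and cut-off date are assumptions.

```php
<?php
// Added audit example (not code from the plugin or from this advisory page).
// Both JSON samples below are constructed to look like wp-cli output; the
// baseline values and the cut-off date are assumptions for illustration.

$optionsJson = <<<'JSON'
[{"option_name":"users_can_register","option_value":"1"},
 {"option_name":"default_role","option_value":"administrator"},
 {"option_name":"admin_email","option_value":"attacker@example.net"},
 {"option_name":"blogname","option_value":"Example Site"}]
JSON;

$adminsJson = <<<'JSON'
[{"ID":1,"user_login":"owner","user_registered":"2021-03-04 10:00:00"},
 {"ID":57,"user_login":"support2","user_registered":"2025-12-02 22:41:17"}]
JSON;

// Values the site owner knows to be correct (assumption).
$baseline = [
    'users_can_register' => '0',
    'default_role'       => 'subscriber',
    'admin_email'        => 'owner@example.com',
];

/** Compare the live option values with the baseline; return one finding per mismatch. */
function auditOptions(string $json, array $baseline): array
{
    $current = [];
    foreach (json_decode($json, true, 512, JSON_THROW_ON_ERROR) as $row) {
        $current[$row['option_name']] = (string) $row['option_value'];
    }

    $findings = [];
    foreach ($baseline as $name => $expected) {
        if (!array_key_exists($name, $current)) {
            $findings[] = "$name: missing from options table";
        } elseif ($current[$name] !== $expected) {
            $findings[] = "$name: expected '$expected', found '{$current[$name]}'";
        }
    }
    return $findings;
}

/** Return administrator accounts whose user_registered is at or after $since (UTC). */
function newAdminsSince(string $json, string $since): array
{
    $utc    = new DateTimeZone('UTC');
    $cutoff = new DateTimeImmutable($since, $utc);

    $hits = [];
    foreach (json_decode($json, true, 512, JSON_THROW_ON_ERROR) as $user) {
        $registered = new DateTimeImmutable($user['user_registered'], $utc);
        if ($registered >= $cutoff) {
            $hits[] = sprintf('#%d %s (registered %s)', $user['ID'], $user['user_login'], $user['user_registered']);
        }
    }
    return $hits;
}

foreach (auditOptions($optionsJson, $baseline) as $finding) {
    echo "OPTION  $finding\n";
}
// Cut-off is an assumption: use the date the vulnerable version was installed.
foreach (newAdminsSince($adminsJson, '2025-11-01') as $admin) {
    echo "ADMIN   $admin\n";
}
```

On the constructed sample this reports all three options as tampered and flags user #57 as an administrator created inside the exposure window; on a real site, replace the heredocs with the actual wp-cli output and set the cut-off to the date the affected version went live.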