CVE-2025-13342
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-03

Last updated on: 2025-12-04

Assigner: Wordfence

Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-03
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-13342
EUVD
EUVD-2025-200979
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dynamiapps frontend_admin 3.28.20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Frontend Admin by DynamiApps WordPress plugin allows unauthenticated attackers to modify arbitrary WordPress options due to insufficient capability checks and input validation in the ActionOptions::run() save handler. Attackers can submit crafted form data to public frontend forms to change critical options such as users_can_register, default_role, and admin_email.

Impact Analysis

The vulnerability can have a severe impact by allowing attackers to change important WordPress settings without authentication. This can lead to unauthorized user registrations, changes in default user roles, and modification of the admin email address, potentially resulting in privilege escalation, loss of site control, and disruption of site operations.

Mitigation Strategies

To mitigate this vulnerability, immediately update the Frontend Admin by DynamiApps plugin to the latest version that includes the security fixes addressing unauthorized modification of WordPress options. The update involves extensive security improvements to form handling and admin option management, preventing unauthenticated attackers from modifying critical options. Applying this update will strengthen the plugin's security posture and mitigate the risk of exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart