Vulnerabilities and security researches forfrontend-dashboard frontend-dashboard

Jun 07, 2024

CVE, Research URL: CVE-2024-29775
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32726
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: Apr 24, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.
Affected versions: Min -, max -.
Status: vulnerable

Sep 11, 2024

CVE, Research URL: CVE-2024-8268
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: Sep 10, 2024
Research Description: The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leverage for privilege escalation by changing user's passwords.
Affected versions: Min -, max -.
Status: vulnerable

Apr 26, 2025

CVE, Research URL: CVE-2025-46248
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: Apr 24, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5.
Affected versions: Min -, max -.
Status: vulnerable

May 08, 2025

CVE, Research URL: CVE-2025-4104
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: May 07, 2025
Research Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate their privileges to that of an administrator.
Affected versions: Min -, max -.
Status: vulnerable

May 14, 2025

CVE, Research URL: CVE-2025-4473
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: May 13, 2025
Research Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-4474
Home page URL: Security reports for Frontend Dashboard
Application: Frontend Dashboard
Date: May 13, 2025
Research Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.
Affected versions: Min -, max -.
Status: vulnerable