cleantalk
Vulnerabilities and Security Researches

Frontend Admin by DynamiApps, CVE-2025-13342

CVE, Research URL

CVE-2025-13342

Home page URL

Security reports for Frontend Admin by DynamiApps

Application

Frontend Admin by DynamiApps

Published on
Dec 03, 2025
Research Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.
Affected versions
max 3.28.21.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
New vulnerability
Simple User Import Export (CVE-2025-13133) , Dec 10, 2025
Analytics Germanized for Google Analytics (GDPR / DSGVO) (CVE-2025-64292) , Dec 10, 2025
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-12953) , Dec 10, 2025
All-in-One Video Gallery (CVE-2025-12966) , Dec 10, 2025
Like-it (CVE-2025-12404) , Dec 10, 2025