cleantalk
Vulnerabilities and Security Researches

Frontend Dashboard, CVE-2024-8268

CVE, Research URL

CVE-2024-8268

Home page URL

Security reports for Frontend Dashboard

Application

Frontend Dashboard

Published on
Sep 10, 2024
Research Description
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leverage for privilege escalation by changing user's passwords.
Affected versions
Min -, max 2.2.5.
Status
vulnerable
Previous vulnerability researches
Frontend Dashboard (CVE-2024-29775) , Jun 07, 2024
Frontend Dashboard (CVE-2024-32726) , Jun 07, 2024
Frontend Dashboard (CVE-2024-8268) , Sep 11, 2024
Frontend Dashboard (CVE-2025-46248) , Apr 26, 2025
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025