cleantalk
Vulnerabilities and Security Researches

Frontend Dashboard, CVE-2025-4473

CVE, Research URL

CVE-2025-4473

Home page URL

Security reports for Frontend Dashboard

Application

Frontend Dashboard

Published on
May 13, 2025
Research Description
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.
Affected versions
Min -, max 2.2.8.
Status
vulnerable
Previous vulnerability researches
GamiPress – Link (CVE-2024-5536) , Jun 07, 2024
New vulnerability
WordPress Portfolio Builder – Portfolio Gallery (CVE-2025-1757) , May 14, 2025
LiteSpeed Cache (CVE-2025-47437) , May 14, 2025
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-3597) , May 14, 2025