cleantalk
Vulnerabilities and Security Researches

Frontend Dashboard, CVE-2025-4473

CVE, Research URL

CVE-2025-4473

Home page URL

Security reports for Frontend Dashboard

Application

Frontend Dashboard

Published on
May 13, 2025
Research Description
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.
Affected versions
Min -, max 2.2.8.
Status
vulnerable
Previous vulnerability researches
Chatbox Manager (CVE-2025-30790) , Mar 28, 2025
New vulnerability
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-3597) , May 14, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-26841) , May 14, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-47682) , May 14, 2025