Unrated severityNVD Advisory· Published Dec 14, 2024· Updated Apr 8, 2026
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation
CVE-2024-11721
Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=3.24.5
- shabti/Frontend Admin by DynamiAppsv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.