Critical severity9.8NVD Advisory· Published Jan 9, 2026· Updated Apr 15, 2026
CVE-2025-14736
CVE-2025-14736
Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.28.29
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.