VYPR

Frontend Admin By Dynamiapps

by WordPress

CVEs (9)

  • CVE-2026-6226HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely…

  • CVE-2025-13342CriDec 3, 2025
    risk 0.57cvss 9.8epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save…

  • CVE-2024-3729CriMay 2, 2024
    risk 0.57cvss 9.8epss 0.01

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user…

  • CVE-2026-6228HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the…

  • CVE-2024-11720HigDec 14, 2024
    risk 0.47cvss 7.2epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for…

  • CVE-2024-11721HigDec 14, 2024
    risk 0.46cvss 8.1epss 0.01

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for…

  • CVE-2025-14937HigJan 9, 2026
    risk 0.40cvss 7.2epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output…

  • CVE-2024-11722MedDec 21, 2024
    risk 0.38cvss 5.9epss 0.01

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…

  • CVE-2026-10039MedMay 29, 2026
    risk 0.32cvss 4.9epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…