The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
History

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 14 Dec 2024 08:45:00 +0000

Type Values Removed Values Added
Description The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
Title Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-14T08:26:39.587Z

Updated: 2024-12-16T16:40:45.292Z

Reserved: 2024-11-25T18:54:51.356Z

Link: CVE-2024-11721

cve-icon Vulnrichment

Updated: 2024-12-16T16:34:31.013Z

cve-icon NVD

Status : Received

Published: 2024-12-14T09:15:06.383

Modified: 2024-12-14T09:15:06.383

Link: CVE-2024-11721

cve-icon Redhat

No data.