The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
History
Mon, 16 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Sat, 14 Dec 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | |
Title | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation | |
Weaknesses | CWE-269 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-14T08:26:39.587Z
Updated: 2024-12-16T16:40:45.292Z
Reserved: 2024-11-25T18:54:51.356Z
Link: CVE-2024-11721
Vulnrichment
Updated: 2024-12-16T16:34:31.013Z
NVD
Status: Received
Published: 2024-12-14T09:15:06.383
Modified: 2024-12-14T09:15:06.383
Link: CVE-2024-11721
Redhat
No data.