Dynamiapps

Frontend Admin

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-14937

  • EPSS 0.05%
  • Veröffentlicht 09.01.2026 07:22:10
  • Zuletzt bearbeitet 13.01.2026 14:03:46

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input...

8.5

CVE-2025-49267

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 10:34:10
  • Zuletzt bearbeitet 14.08.2025 13:11:53

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3.

6.8

CVE-2025-49303

  • EPSS 0.05%
  • Veröffentlicht 04.07.2025 11:18:00
  • Zuletzt bearbeitet 08.07.2025 16:18:53

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.7.

6.1

CVE-2025-26987

  • EPSS 0.09%
  • Veröffentlicht 25.02.2025 15:15:31
  • Zuletzt bearbeitet 21.05.2025 17:07:44

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17.

5.9

CVE-2024-11722

  • EPSS 0.73%
  • Veröffentlicht 21.12.2024 10:15:07
  • Zuletzt bearbeitet 05.06.2025 15:31:37

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

8.1

CVE-2024-11721

  • EPSS 0.32%
  • Veröffentlicht 14.12.2024 09:15:06
  • Zuletzt bearbeitet 05.06.2025 15:29:36

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. Th...

6.1

CVE-2024-11720

  • EPSS 1.37%
  • Veröffentlicht 14.12.2024 09:15:05
  • Zuletzt bearbeitet 05.06.2025 16:13:39

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. ...

9.8

CVE-2024-3729

  • EPSS 0.55%
  • Veröffentlicht 02.05.2024 17:15:30
  • Zuletzt bearbeitet 05.06.2025 20:27:10

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to...

9.8

CVE-2023-51411

  • EPSS 0.66%
  • Veröffentlicht 29.12.2023 14:15:46
  • Zuletzt bearbeitet 21.11.2024 08:38:03

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.