Unauthenticated Privilege Escalation Vulnerability in Frontend Admin Plugin
CVE-2024-11721
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 14 December 2024
What is CVE-2024-11721?
The Frontend Admin plugin developed by DynamiApps for WordPress exhibits a vulnerability that enables privilege escalation in all versions up to and including 3.24.5. This vulnerability arises from inadequate controls on the user role selection field in forms, permitting unauthorized users to create new administrative accounts. This situation becomes particularly concerning as it allows for the generation of administrative access despite the absence of the necessary role options provided to unauthenticated users. As a result, websites utilizing this plugin may be significantly at risk, underscoring the importance of applying security measures and updates promptly to mitigate potential exploitation.
Affected Version(s)
Frontend Admin by DynamiApps * <= 3.24.5