Unauthorized Code Execution Vulnerability in Frontend Dashboard for WordPress
CVE-2024-8268
8.8 HIGH
Summary
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution because it does not properly filter which methods and functions can be called. All versions up to and including 2.2.4 are affected. Authenticated attackers, even those with only subscriber-level access, can exploit this flaw by invoking arbitrary functions, potentially leading to privilege escalation and unauthorized password changes for users. The risk posed by this vulnerability highlights the importance of keeping plugins updated and implementing strict access controls to maintain site security.
Affected Version(s)
Frontend Dashboard * <= 2.2.4
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lucio Sá