Unauthorized Modification Vulnerability in Frontend Admin Plugin by DynamiApps
CVE-2025-13342

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Frontend Admin By Dynamiapps
Vendor: CVE Published:; 3 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-13342?

The Frontend Admin plugin by DynamiApps for WordPress has a vulnerability that allows unauthorized modification of WordPress options due to insufficient capability checks and inadequate input validation in its save handler. This vulnerability affects all versions up to and including 3.28.20, enabling unauthenticated attackers to alter critical WordPress settings like users_can_register, default_role, and admin_email by submitting crafted form data through public frontend forms. This poses a significant risk to WordPress sites using the affected plugin, as it undermines core functionality and could lead to further exploitation.

Affected Version(s)

Frontend Admin by DynamiApps * <= 3.28.20

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-13342
Created by Altelus1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3400432/acf-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 9, 2025
👾
Exploit known to exist
Dec 9, 2025
Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Nov 17, 2025

Credit

JEONG YU CHAN

JSON