Privilege Escalation in Frontend Admin Plugin for WordPress by DynamiApps
CVE-2025-14736

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
Frontend Admin By Dynamiapps
Vendor
CVE Published:
9 January 2026

What is CVE-2025-14736?

The Frontend Admin plugin for WordPress by DynamiApps contains a vulnerability allowing unauthenticated users to escalate their privileges. This is caused by improper validation of role values in several functions. If attackers exploit this flaw through a user registration form, they can gain unauthorized administrative access to the site and exert complete control over it. The issue affects all versions of the plugin up to and including version 3.28.25.

Affected Version(s)

Frontend Admin by DynamiApps * <= 3.28.25

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/3427243/acf-...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

andrea bocchetti
JSON
.
CVE-2025-14736 : Privilege Escalation in Frontend Admin Plugin for WordPress by DynamiApps