Vulnerability Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3400432/acf-frontend-form-element
- https://www.wordfence.com/threat-intel/vulnerabilities/id/613f2035-3061-429b-b21
FAQ
What is CVE-2025-13342?
CVE-2025-13342 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficie...
How severe is CVE-2025-13342?
CVE-2025-13342 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-13342?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.