CVE-2025-4474
Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the pluginβs 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.
| CWE | CWE-285 |
| Vendor | vinoth06 |
| Product | frontend dashboard |
| Published | May 13, 2025 |
| Last Updated | May 13, 2025 |
Stay Ahead of the Next One
Get instant alerts for vinoth06 frontend dashboard
Be the first to know when new high vulnerabilities affecting vinoth06 frontend dashboard are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
vinoth06 / Frontend Dashboard
1.0 β€ 2.2.7
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/fb61159a-e501-4c55-a384-b6049e0f0bc8?source=cve wordpress.org: https://wordpress.org/plugins/frontend-dashboard/#developers plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/includes/admin/request/admin.php#L26 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/includes/admin/request/tabs/login.php#L14 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3290623/
Credits
Kenneth Dunn