Vinoth06 Frontend Dashboard vulnerabilities
6 known vulnerabilities affecting vinoth06/frontend_dashboard.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-4104P2CRITICALCVSS 9.8≥ 1.0, ≤ 2.2.62025-05-07
CVE-2025-4104 [CRITICAL] CWE-285 CVE-2025-4104: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing c
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate their privileges to that of an administrator.
nvd
CVE-2024-8268P3HIGHCVSS 8.8≤ 2.2.42024-09-10
CVE-2024-8268 [HIGH] CWE-94 CVE-2024-8268: The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insu
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can b
nvd
CVE-2025-4474P3HIGHCVSS 8.8≥ 1.0, ≤ 2.2.72025-05-13
CVE-2025-4474 [HIGH] CWE-285 CVE-2025-4474: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing c
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s 'register' role setting to make new user regi
nvd
CVE-2025-4473P3HIGHCVSS 8.8≥ 1.5.10, ≤ 2.2.72025-05-13
CVE-2025-4473 [HIGH] CWE-285 CVE-2025-4473: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing c
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, a
nvd
CVE-2024-32726P3HIGHCVSS 7.5≥ n/a, ≤ 2.2.22024-04-24
CVE-2024-32726 [HIGH] CWE-200 CVE-2024-32726: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashb
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.
nvd
CVE-2024-29775P4MEDIUMCVSS 6.5≥ n/a, ≤ 2.2.12024-03-27
CVE-2024-29775 [MEDIUM] CWE-79 CVE-2024-29775: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1.
nvd