{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14736", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-15T18:33:44.721Z", "datePublished": "2026-01-09T06:34:51.712Z", "dateUpdated": "2026-04-08T16:34:05.628Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:05.628Z"}, "affected": [{"vendor": "shabti", "product": "Frontend Admin by DynamiApps", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.28.29", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field."}], "title": "Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07eb71fc-6588-490d-8947-3077ec4a9045?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3427243/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3472098%40acf-frontend-form-element&new=3472098%40acf-frontend-form-element&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "andrea bocchetti"}], "timeline": [{"time": "2025-12-12T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-12-15T19:25:41.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-08T17:45:03.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T17:05:20.543530Z", "id": "CVE-2025-14736", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T17:05:30.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14736", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-09T17:05:20.543530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T17:05:26.344Z"}}], "cna": {"title": "Frontend Admin by DynamiApps <= 3.28.25 - Unauthenticated Privilege Escalation to Administrator via Role Form Field", "credits": [{"lang": "en", "type": "finder", "value": "andrea bocchetti"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "shabti", "product": "Frontend Admin by DynamiApps", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.28.25"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-12T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-12-15T19:25:41.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-08T17:45:03.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07eb71fc-6588-490d-8947-3077ec4a9045?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3427243/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php"}], "descriptions": [{"lang": "en", "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-09T06:34:51.712Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14736", "state": "PUBLISHED", "dateUpdated": "2026-01-09T17:05:30.168Z", "dateReserved": "2025-12-15T18:33:44.721Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-09T06:34:51.712Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field."}, {"lang": "es", "value": "El plugin Frontend Admin de DynamiApps para WordPress es vulnerable a una escalada de privilegios en todas las versiones hasta la 3.28.25, inclusive. Esto se debe a una validaci\u00f3n insuficiente de los valores de rol proporcionados por el usuario en las funciones 'validate_value', 'pre_update_value' y 'get_fields_display'. Esto permite a atacantes no autenticados registrarse como administradores y obtener control total del sitio, siempre que puedan acceder a un formulario de registro de usuario que contenga un campo de Rol."}], "id": "CVE-2025-14736", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-09T07:16:01.333", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3427243/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3472098%40acf-frontend-form-element&new=3472098%40acf-frontend-form-element&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07eb71fc-6588-490d-8947-3077ec4a9045?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:14:54.189044+00:00", "value": {"mitigation_remediation": ["Upgrade the Frontend Admin by DynamiApps plugin to a version newer than 3.28.29 to ensure proper role validation is applied.", "Remove or disable the Role field from public registration forms so that untrusted users cannot submit privileged role values.", "Restrict access to the registration page to authenticated or trusted users so that only authorized accounts can be created with elevated privileges."], "summary": {"action": "Update", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All users of the Frontend Admin by DynamiApps plugin running WordPress, with any installation of version 3.28.29 or earlier, are affected. The vulnerability is present in every build up to and including 3.28.29 and thus applies to all sites that have not upgraded beyond that release.", "description_and_impact": "The Frontend Admin by DynamiApps WordPress plugin allows an unauthenticated attacker to register as an administrator because the plugin fails to properly validate role inputs in internal validation, pre_update, and display functions. This flaw, identified as CWE\u2011269 (Improper Control of Privileged Access), directly enables an attacker to gain full site control, compromising confidentiality, integrity, and availability for the entire WordPress installation.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity level, yet the EPSS score of less than 1% suggests that exploitation is currently unlikely. The flaw is not listed in CISA\u2019s KEV catalog. The attack requires access to a user registration page that contains a Role field; any visitor who can submit the form with arbitrary role data can promote themselves to administrator. Because the attacker can achieve this without authentication, the risk to organizations that expose such forms is substantial, but the low exploitation probability mitigates immediate concern."}}}}, "created": "2026-01-09T13:23:34.587462+00:00", "updated": "2026-04-22T20:15:20.539393+00:00", "vendors": ["shabti", "shabti$PRODUCT$frontend_admin_by_dynamapps", "wordpress", "wordpress$PRODUCT$wordpress"]}