Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Frontend Admin by DynamiApps WordPress Plugin Unauthenticated Arbitrary Options Modification Vulnerability

Vulnerability

A vulnerability exists in the Frontend Admin by DynamiApps plugin for WordPress, allowing unauthorized users to modify arbitrary WordPress options. This issue affects all versions of the plugin up to and including 3.28.20. The vulnerability arises from inadequate capability checks and input validation in the ActionOptions::run() save handler. As a result, unauthenticated attackers can alter critical WordPress options such as users_can_register, default_role, and admin_email by submitting crafted form data through public frontend forms.

Impact

Exploitation of this vulnerability allows for unauthorized modification of key WordPress options, potentially leading to unauthorized user registrations, role assignments, or changes to administrative contact information.

Remediation

Users are advised to update the Frontend Admin by DynamiApps plugin to version 3.28.21 or a newer patched version.

Added: Dec 3, 2025, 1:22 PM
Updated: Dec 3, 2025, 1:22 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
5.0
exploitability
9.3
remediation
7.7
relevance
1.2
threat
8.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.