Primary

Context

Frontend Admin by DynamiApps WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Arbitrary Data Deletion

Vulnerability

Patched

A vulnerability exists in the Frontend Admin by DynamiApps plugin for WordPress, in all versions through 3.28.25. The issue arises from a missing capability check in the 'delete_object' function, allowing unauthenticated users to delete various types of content, including posts, pages, products, taxonomy terms, and user accounts.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of posts, pages, products, taxonomy terms, and user accounts.

Remediation

Users are advised to update the Frontend Admin by DynamiApps plugin to version 3.28.26 or a newer patched version.

Added: Jan 9, 2026, 8:20 AM

Updated: Jan 9, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Frontend Admin by DynamiApps WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Arbitrary Data Deletion

Vulnerability

Impact

Remediation

Affected Products

DynamiApps Frontend Admin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating