Frontend Dashboard
Moderate fix1 remedy
cpe:2.3:a:buffercode:frontend_dashboard:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- >= 1.0, <= 2.2.6
Frontend Dashboard Privilege Escalation Vulnerability in WordPress
Vulnerability
Patched
A privilege escalation vulnerability has been identified in the Frontend Dashboard plugin for WordPress, affecting versions 1.0 to 2.2.6. The issue arises from a missing capability check in the 'fed_wp_ajax_fed_login_form_post()' function, allowing unauthenticated attackers to reset the administrator's email and password, thereby gaining administrative privileges.
Impact
Exploitation of this vulnerability allows unauthenticated users to reset the administrator's email and password, granting them full administrative rights on the WordPress site.
Reproduction
To reproduce this vulnerability, send a POST request to the 'wp_ajax_fed_login_form_post' endpoint without the necessary authorization. Include a 'submit' field with the value 'reset_password' in the request payload. The absence of a capability check will allow the request to be processed, triggering the password reset for the administrator.
Remediation
Users are advised to update the Frontend Dashboard plugin to version 2.2.7 or later, where this vulnerability has been patched.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
5.0exploitability
9.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.