DynamiApps Frontend Admin
Moderate fix1 remedy
cpe:2.3:a:dynamiapps:frontend_admin:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 3.28.28
Frontend Admin by DynamiApps SQL Injection Vulnerability in WordPress Plugin
Vulnerability
Patched
A SQL injection vulnerability has been identified in the Frontend Admin by DynamiApps WordPress plugin, affecting all versions through 3.28.28. The vulnerability arises from inadequate escaping of user-supplied data in the 'order' parameter, allowing authenticated attackers with administrator privileges to inject additional SQL queries. This exploitation requires a valid 'orderby' parameter to access the vulnerable code that integrates the 'order' value into the SQL query.
Impact
Successful exploitation allows authenticated attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.
Reproduction
To reproduce this vulnerability, an authenticated user with administrator rights can send a request to the WordPress site with the 'order' parameter included. It is essential to also include a valid 'orderby' parameter in the same request. The vulnerable plugin will process the 'order' parameter without proper sanitization, allowing the injection of malicious SQL code.
Remediation
Users are advised to update the Frontend Admin by DynamiApps plugin to version 3.28.29 or later.
Added: May 29, 2026, 9:27 AM
Updated: May 29, 2026, 9:27 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
3.1exploitability
6.0remediation
7.7relevance
9.8threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.