CVE-2025-13342

| EUVD-2025-200979 CRITICAL
2025-12-03 [email protected]
Authentication Bypass WordPress PHP
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-200979
CVE Published
Dec 03, 2025 - 13:16 nvd
CRITICAL 9.8

DescriptionNVD

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.

AnalysisAI

A security vulnerability in Frontend Admin by DynamiApps (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-862 (Missing Authorization). CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects Frontend Admin by DynamiApps.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-13342 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy