Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 1
High: 3
Medium: 0
Showing 1-4 of 4 records
Threat Entry Updated 2025-05-13

CVE-2025-4474 - Frontend Dashboard Plugin

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.

PLUGIN Frontend Dashboard

CVE-2025-4474

HIGH CVSS 8.8 2025-05-13
Threat Entry Updated 2025-05-13

CVE-2025-4473 - Frontend Dashboard Plugin

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.

PLUGIN Frontend Dashboard

CVE-2025-4473

HIGH CVSS 8.8 2025-05-13
Threat Entry Updated 2025-05-07

CVE-2025-4104 - Frontend Dashboard Plugin

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate their privileges to that of an administrator.

PLUGIN Frontend Dashboard

CVE-2025-4104

CRITICAL CVSS 9.8 2025-05-07
Threat Entry Updated 2024-09-26

CVE-2024-8268 - Frontend Dashboard Plugin

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leveraged for privilege escalation by changing users' passwords.

PLUGIN Frontend Dashboard

CVE-2024-8268

HIGH CVSS 8.8 2024-09-10