CVE-2025-13342 · CRITICAL 9.8 · EPSS p35.5%


Description

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email by submitting crafted form data to public frontend forms.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.45% probability of exploitation · percentile 35.5% · 2026-06-19T12:03:05Z
Published: 2025-12-03
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-862

References

  1. https://plugins.trac.wordpress.org/changeset/3400432/acf-frontend-form-element
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/613f2035-3061-429b-b218-83805287e4f3?source=cve


Type | Target | Confidence | Tier
Weakness | Missing Authorization (cwe-862) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-14736
CVE-2026-6228
CVE-2025-14741
CVE-2025-1309
CVE-2025-4474
CVE-2025-3605

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.