The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the admin_form post type. The admin_form custom post type uses 'capability_type' => 'page', which grants editors the ability to create and edit forms. When an editor creates an edit_user form, they can manipulate the form configuration to include 'administrator' in the role_options array by directly submitting POST data to wp-admin/post.php, bypassing the UI restrictions in feadmin_get_user_roles(). When the form is subsequently submitted, the pre_update_value() function in class-role.php only validates that the submitted role exists in the form's role_options array (lines 107-110), but fails to verify that the current user has permission to assign that specific role. This makes it possible for unauthenticated attackers to first register as editors (via a public new_user form), then create an edit_user form with administrator in the allowed roles, and finally use that form to escalate their own privileges to administrator.
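The following PHP is an added illustration of the check described above and of the remediation it implies; it is not code from the Frontend Admin plugin. It assumes a loaded WordPress runtime (current_user_can(), get_role(), get_user_by(), WP_User::set_role()), and every function prefixed "example_" is a hypothetical name chosen here. The first function reproduces the flawed logic (role accepted if it is in the form's role_options); the second adds the missing authorization step so that a form configuration alone can never authorize a role grant.

```php
<?php
/*
 * Added illustration for this advisory; not code from the Frontend Admin
 * plugin. Assumes a loaded WordPress runtime. Names prefixed "example_"
 * are hypothetical.
 */

/*
 * The pattern the advisory describes: the submitted role is accepted as long
 * as it appears in the form's own role_options list. Because an editor who can
 * edit the admin_form post can put 'administrator' into that list, this check
 * proves only that the form was configured that way, not that the submitter
 * is allowed to grant the role.
 */
function example_vulnerable_role_check( string $submitted_role, array $form_role_options ): bool {
    return in_array( $submitted_role, $form_role_options, true );
}

/*
 * Hardened variant: membership in role_options is still required, but the
 * role must also be one the current user is permitted to assign to the
 * target user. Three independent conditions must hold:
 *   1. the user may edit the target account at all (edit_user meta cap);
 *   2. the user holds promote_users, the core capability for role changes;
 *   3. every capability granted by the requested role is one the current
 *      user already has, so nobody can hand out more than they possess.
 */
function example_hardened_role_check( string $submitted_role, array $form_role_options, int $target_user_id ): bool {
    if ( ! in_array( $submitted_role, $form_role_options, true ) ) {
        return false;
    }
    if ( ! current_user_can( 'edit_user', $target_user_id ) || ! current_user_can( 'promote_users' ) ) {
        return false;
    }
    $role = get_role( $submitted_role );
    if ( ! $role ) {
        return false; // unknown role name: refuse rather than let WordPress silently ignore it
    }
    foreach ( $role->capabilities as $cap => $granted ) {
        if ( $granted && ! current_user_can( $cap ) ) {
            return false; // e.g. an editor cannot grant manage_options
        }
    }
    return true;
}

/*
 * Hypothetical call site inside a save handler. The form's stored
 * role_options are treated only as a UI-level allow-list; the authorization
 * decision comes from the current user's own capabilities.
 */
function example_apply_role_from_form( int $target_user_id, string $submitted_role, array $form_role_options ): bool {
    if ( ! example_hardened_role_check( $submitted_role, $form_role_options, $target_user_id ) ) {
        return false;
    }
    $user = get_user_by( 'id', $target_user_id );
    if ( ! $user ) {
        return false;
    }
    $user->set_role( $submitted_role );
    return true;
}
```

One caveat on the capability-subset test: on multisite, map_meta_cap() withholds some capabilities such as unfiltered_html from non-super-admin users, so a strict subset comparison can reject a legitimate site administrator promoting another user to administrator. In that environment, compare against the roles returned by get_editable_roles() (and its editable_roles filter) instead of the raw capability list, while keeping the promote_users and edit_user checks.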
The Frontend Admin by DynamiApps WordPress plugin, versions up to and including 3.28.36, contains a privilege escalation vulnerability that allows editors to create forms which grant the administrator role to users. Attackers can bypass the UI restrictions by directly manipulating POST data to inject the administrator role into the role options of an edit_user form.
A privilege escalation vulnerability in the Frontend Admin plugin for WordPress allows editors to create forms that grant administrator privileges. Attackers can bypass the interface restrictions by sending POST data directly to inject administrative role options into user edit forms.
The Frontend Admin plugin for WordPress, up to and including version 3.28.36, has a privilege escalation flaw that lets editors create forms granting administrator access. Attackers bypass the interface restrictions by directly submitting modified POST requests that inject the administrator role into user edit forms.
Update the Frontend Admin by DynamiApps plugin to version 3.28.37 or later immediately. Implement strict capability checks in the role_options validation so that a user cannot assign a role above their own permission level; the form's configured role list must never be the sole authorization decision. Restrict the admin_form post type capabilities to administrators only. Audit all existing edit_user forms for unauthorized role configurations, and review any public new_user forms, since the unauthenticated path described above depends on one that registers visitors as editors.
Update the Frontend Admin plugin to version 3.28.37 or later immediately. Apply strict capability checks in the role_options validation to prevent users from assigning roles above their own permission level. Restrict the admin_form post type capabilities to administrators only. Audit all existing edit_user forms for unauthorized configurations.