The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. The plugin takes the account to edit from the request (?user_id=) without verifying that the current user is authorized to edit that account. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite an administrator's user_pass, user_email, first_name, last_name, and other profile fields by supplying an arbitrary ?user_id= value, enabling full administrator account takeover either by replacing the password directly or by redirecting the account's email and then running a password reset. Exploitation requires the targeted Edit-User form to have its 'Roles' configuration setting left empty; when a non-empty roles list is configured, load_data() sets the user ID to 'none' for users whose roles fall outside the allowed list, so administrators cannot be targeted through that form. Because the setting is per form, every Edit-User form on the site must be configured for the mitigation to hold.
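The PHP below is an added illustration of the pattern described above; it is not the Frontend Admin plugin's source. It models an Edit-User form handler that takes the target from ?user_id= and relies only on an optional role allow-list, beside a hardened version that requires ownership or the WordPress edit_user meta-capability and re-checks at save time. The fea_demo_* function names, the $allowed_roles parameter and the nonce action string are hypothetical; the WordPress API calls (absint, get_current_user_id, get_userdata, current_user_can, wp_verify_nonce, wp_update_user, WP_Error) are real.

```php
<?php
/*
 * Added illustration, not Frontend Admin's code. The fea_demo_* names and
 * $allowed_roles are hypothetical; the WordPress functions are real.
 */

/** Vulnerable pattern: the edited account is whatever ?user_id= names. */
function fea_demo_load_data_vulnerable( array $allowed_roles ) {
    $user_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : get_current_user_id();

    // With a non-empty Roles list a target outside the list becomes 'none'
    // (the behaviour the advisory attributes to load_data()). With an empty
    // list this block is skipped and a subscriber can name an administrator.
    if ( ! empty( $allowed_roles ) ) {
        $target = get_userdata( $user_id );
        if ( ! $target || ! array_intersect( $allowed_roles, (array) $target->roles ) ) {
            return 'none';
        }
    }
    return $user_id; // no check that the caller may edit this account
}

/** Hardened pattern: ownership or edit_user is required regardless of the Roles list. */
function fea_demo_load_data_hardened( array $allowed_roles ) {
    $user_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : get_current_user_id();

    // Only the user themselves, or a user WordPress allows to edit that account
    // (edit_user maps to edit_users, which subscribers lack), may load it.
    if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        return 'none';
    }
    if ( ! empty( $allowed_roles ) ) {
        $target = get_userdata( $user_id );
        if ( ! $target || ! array_intersect( $allowed_roles, (array) $target->roles ) ) {
            return 'none';
        }
    }
    return $user_id;
}

/** Hardened save step: verify the nonce, repeat the authorization check, whitelist fields. */
function fea_demo_save_profile( $user_id, array $posted ) {
    if ( 'none' === $user_id ) {
        return new WP_Error( 'forbidden', 'No editable user was loaded.' );
    }
    // Nonce action is hypothetical; it must match the one used when rendering the form.
    if ( ! isset( $posted['_wpnonce'] )
        || ! wp_verify_nonce( $posted['_wpnonce'], 'fea_demo_edit_user_' . $user_id ) ) {
        return new WP_Error( 'forbidden', 'Missing or invalid nonce.' );
    }
    // Re-check at write time: a direct POST to the save endpoint must not be
    // able to skip whatever load_data() decided.
    if ( (int) $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        return new WP_Error( 'forbidden', 'Not allowed to edit this user.' );
    }
    $writable   = array( 'user_pass', 'user_email', 'first_name', 'last_name', 'description' );
    $data       = array_intersect_key( $posted, array_flip( $writable ) );
    $data['ID'] = (int) $user_id;
    return wp_update_user( $data ); // int user ID on success, WP_Error on failure
}
```

The point of the hardened version is that the Roles list is a display filter, not an authorization check: whether the list is empty or not, a request from a subscriber with ?user_id= set to an administrator's ID fails current_user_can( 'edit_user', ... ) and the form loads 'none'. Repeating the check in the save handler matters because the load and save steps are usually separate requests.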
The Frontend Admin plugin for WordPress versions up to 3.29.2 contains an authorization bypass vulnerability allowing authenticated subscribers to modify administrator account details including passwords and emails. Attackers can achieve full administrator account takeover by manipulating the user_id parameter when the Roles configuration is left empty.
An authorization bypass vulnerability in the Frontend Admin plugin allows authenticated users with subscriber-level access to modify administrator profile fields, including the password and email address. This happens when no allowed-roles list is configured, enabling attackers to take over administrator accounts completely.
Frontend Admin plugin for WordPress up to version 3.29.2 has an authorization bypass flaw that allows authenticated users with subscriber access to modify administrator profiles. This vulnerability enables complete takeover of administrator accounts through password or email modification when role restrictions are not configured.
Immediately update the Frontend Admin plugin to version 3.29.3 or later. Until the update is applied, configure a non-empty Roles list on every Edit-User form so that administrator accounts cannot be selected through any form. Disable the plugin if immediate patching is not possible. Audit all administrator accounts for unauthorized changes to passwords, email addresses and other profile fields, and reset the credentials of any account that was modified.
Update the Frontend Admin plugin to version 3.29.3 or later immediately. Make sure the Roles setting is configured with a non-empty list. Disable the plugin if updating is not possible. Audit all administrator accounts for unauthorized modifications and reset any compromised credentials.