The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
                
Advisories
| Source | ID | Title |
|---|---|---|
|  EUVD | EUVD-2024-34259 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | 
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Thu, 05 Jun 2025 15:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Dynamiapps Dynamiapps frontend Admin | |
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:dynamiapps:frontend_admin:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products | Dynamiapps Dynamiapps frontend Admin | |
Mon, 16 Dec 2024 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Sat, 14 Dec 2024 08:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | |
| Title | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation | |
| Weaknesses | CWE-269 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-12-16T16:40:45.292Z
Reserved: 2024-11-25T18:54:51.356Z
Link: CVE-2024-11721
Vulnrichment
Updated: 2024-12-16T16:34:31.013Z
NVD
Status: Analyzed
Published: 2024-12-14T09:15:06.383
Modified: 2025-06-05T15:29:36.250
Link: CVE-2024-11721
Redhat
No data.
OpenCVE Enrichment
No data.