Impact
Improper neutralization of special elements used in an SQL command allows attackers to inject malicious SQL into database queries through the Frontend Dashboard WordPress plugin. This flaw can result in unauthorized database access and modification, potentially exposing sensitive data or altering site content. The vulnerability exists in all plugin releases up to and including version 2.2.5. Based on the description, the impact could include data theft, unauthorized data alteration, or, if the database user has elevated privileges, further exploitation leading to broader system compromise.
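To make the weakness class concrete, the following is an added illustration of CWE-89 in a WordPress plugin handler, not code from the Frontend Dashboard plugin or its author. The handler, the "author" request parameter and the function names are hypothetical; the $wpdb methods and WordPress helpers used are the platform's real API.

```php
<?php
// Added illustration, not the Frontend Dashboard plugin's own code.
// Hypothetical front-end handler that lists posts for a requested author.
// The parameter name and function names are assumptions.

function fd_example_lookup_vulnerable( $wpdb, $author ) {
    // VULNERABLE (CWE-89): the user-controlled value is concatenated into
    // the statement, so any quote or SQL syntax in it becomes part of the query.
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_author = '" . $author . "' AND post_status = 'publish'";
    return $wpdb->get_results( $sql );
}

function fd_example_lookup_hardened( $wpdb, $author ) {
    // HARDENED: validate the type first, then bind with $wpdb->prepare(),
    // which treats each placeholder value as data, never as SQL.
    $author_id = absint( $author ); // post_author is numeric
    if ( 0 === $author_id ) {
        return array();
    }
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = %s",
        $author_id,
        'publish'
    );
    return $wpdb->get_results( $sql );
}

// Free-text fields use a %s placeholder; LIKE wildcards are escaped separately
// because prepare() quotes the value but does not neutralise % and _.
function fd_example_title_search( $wpdb, $term ) {
    $term = sanitize_text_field( wp_unslash( $term ) );
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s",
            $like
        )
    );
}

// Front-end entry point: unauthenticated requests reach this code, so the
// input is hostile by default. Any handler that modifies data additionally
// needs a capability check and a nonce, which binding alone does not provide.
function fd_example_handle_request( $wpdb ) {
    $author = isset( $_GET['author'] ) ? $_GET['author'] : '';
    return fd_example_lookup_hardened( $wpdb, $author );
}
```

When auditing a plugin for this class of flaw, grep for $wpdb->query, get_results, get_var and get_row calls whose SQL string is built by concatenation or interpolation of request data without passing through $wpdb->prepare().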
Affected Systems
The vulnerable software is the Frontend Dashboard plugin developed by M A Vinoth Kumar. Versions from the earliest available build through 2.2.5 are affected; any installation of the plugin in those releases is at risk.
Risk and Exploitability
The CVSS score of 9.3 indicates a high severity. The EPSS score of less than 1% suggests that, at present, the exploitation likelihood is low, and the vulnerability is not listed in the CISA KEV catalog. Attackers could likely trigger the flaw by sending specially crafted input to the plugin’s front‑end interface, which may be accessible to unauthenticated users. The exploit does not require elevated privileges on the host, so remote unauthenticated exploitation is plausible; however, the exact vector is not explicitly documented.
OpenCVE Enrichment
EUVD