Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4473

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.

Published

2025-05-13T07:15:52.637

Last Modified

2025-05-13T19:35:18.080

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-285

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/includes/admin/function-admin.php#L3055 ([email protected])
https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/includes/admin/layout/settings_tab/email/class-fed-email.php#L122 ([email protected])
https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/route/class-fed-request.php#L35 ([email protected])
https://plugins.trac.wordpress.org/changeset/3290623/ ([email protected])
https://wordpress.org/plugins/frontend-dashboard/#developers ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f3a10b5-b024-4b3f-af67-b7fcb997d368?source=cve ([email protected])