A critical privilege escalation vulnerability in the Frontend Admin by DynamiApps WordPress plugin allows unauthenticated attackers to create administrator accounts. The flaw stems from insecure form submission handling that accepts arbitrary form definitions from user input rather than securely loading validated configurations from the backend. When the `_acf_form` POST parameter is submitted as an array [truncated]
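A defender-side check for the condition described above, added here as an example (not code from the plugin or the advisory): it classifies whether `_acf_form` arrives in a urlencoded POST body as a scalar or as an array, so array-form submissions can be flagged for review. It assumes request bodies are available from a WAF or proxy log; the record fields, path, IPs and values are constructed.

```python
from urllib.parse import parse_qsl

PARAM = "_acf_form"  # parameter named in the advisory text


def php_base_name(key: str) -> tuple[str, bool]:
    """Return (top-level name as PHP sees it, whether the key is an array key)."""
    base, bracket, rest = key.partition("[")
    is_array = bool(bracket) and "]" in rest
    if bracket and not is_array:
        base = base + "_" + rest  # an unmatched "[" is just part of the name
    # PHP drops leading spaces and maps spaces and dots in the name to "_".
    base = base.lstrip(" ").replace(" ", "_").replace(".", "_")
    return base, is_array


def acf_form_shape(body: str) -> str:
    """Classify PARAM in a urlencoded body as "absent", "scalar" or "array"."""
    shape = "absent"
    # parse_qsl percent-decodes keys, so _acf_form%5Bk%5D is seen as _acf_form[k].
    for key, _value in parse_qsl(body, keep_blank_values=True):
        base, is_array = php_base_name(key)
        if base != PARAM:
            continue
        if is_array:
            return "array"
        shape = "scalar"
    return shape


def flag_requests(records):
    """Return (ip, path) for POST records whose PARAM arrives as an array."""
    return [(r["ip"], r["path"]) for r in records
            if r["method"] == "POST" and acf_form_shape(r["body"]) == "array"]


# Constructed sample records; IPs are documentation ranges, path is a placeholder.
SAMPLE = [
    {"ip": "192.0.2.10", "method": "POST", "path": "/example-form-page/",
     "body": "action=example&_acf_form=OPAQUE_VALUE"},
    {"ip": "198.51.100.7", "method": "POST", "path": "/example-form-page/",
     "body": "action=example&_acf_form%5Bk%5D=v"},
    {"ip": "203.0.113.5", "method": "GET", "path": "/", "body": ""},
]

if __name__ == "__main__":
    for ip, path in flag_requests(SAMPLE):
        print(f"array-form {PARAM} from {ip} -> {path}")
```

Multipart bodies are not parsed here; a deployment that logs them needs the same key check applied to each part's field name.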
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. The plugin fails to properly verify that a user is authorized to perform actions on target accounts. Authenticated attackers with subscriber-level access and above can overwrite an administrator's user_pass, user_email, first_name, last_name, and other profile fields by [truncated]