- Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@wordfence.com: CWE-285
- Hype score: Not currently trending
CVE-2025-4474 (CVSS:8.8, HIGH) is Awaiting Analysis. The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on t..https://t.co/eD2akazmgU #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 May 2025
CVE-2025-4474 The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in… https://t.co/Cw1zIFYwYF
@CVEnew
13 May 2025
[CVE-2025-4474: HIGH] WordPress Frontend Dashboard plugin v1.0 to 2.2.7 is at risk. A missing check allows attackers with Subscriber access to elevate privileges, overwriting settings to gain admin role. #cve,CVE-2025-4474,#cybersecurity https://t.co/91S3mf4osN https://t.co/COdZxH
@CveFindCom
13 May 2025