CVE-2024-11721: CWE-269 Improper Privilege Management in shabti Frontend Admin by DynamiApps
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, provided that unauthenticated users have been given access to the form.
AI Analysis
Technical Summary
The Frontend Admin by DynamiApps plugin for WordPress suffers from improper privilege management (CWE-269) in the handling of the 'Role' field of a frontend form. The role select rendered to the user only lists the roles the site owner chose to offer, but the server-side handler does not re-validate the submitted value against that list, so a crafted POST can name a role that was never rendered as an option. Because the value is taken from the client, an unauthenticated attacker who can reach the form can submit `administrator` and obtain an administrative account, bypassing the intended role restriction. The vulnerability affects all versions up to and including 3.24.5 and has a CVSS 3.1 base score of 8.1 (high). No official patch or remediation guidance is currently available.
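The pattern described above, shown as an added illustration rather than the plugin's own code: a hypothetical form handler that trusts the client-supplied role value beside a hardened version that re-derives the permitted set from the form's configuration and refuses to hand out privileged roles to a submitter who could not grant them. The form configuration, function names and the `example_` prefix are assumptions made for this example; the WordPress functions used (`wp_insert_user`, `wp_roles`, `current_user_can`, `sanitize_key`, `WP_Error`) are real core APIs.

```php
<?php
/**
 * Added example illustrating CWE-269 in a frontend registration form.
 * NOT the Frontend Admin plugin's code; all example_* names are hypothetical.
 */

/** Hypothetical form configuration as saved by the site owner. */
function example_form_config(): array {
    return [
        'id'           => 42,
        'public'       => true,                     // unauthenticated users may submit
        'role_choices' => ['subscriber', 'author'], // options rendered in the <select>
        'default_role' => 'subscriber',
    ];
}

/**
 * VULNERABLE pattern: whatever the client sends in 'role' is passed through.
 * The <select> only renders subscriber/author, but a POST with
 * role=administrator is accepted because the server never checks the value
 * against the configured choices.
 */
function example_vulnerable_handle_submission(array $post, array $form): int|WP_Error {
    $role = sanitize_text_field($post['role'] ?? $form['default_role']);
    return wp_insert_user([
        'user_login' => sanitize_user($post['user_login'] ?? ''),
        'user_email' => sanitize_email($post['user_email'] ?? ''),
        'user_pass'  => $post['user_pass'] ?? wp_generate_password(),
        'role'       => $role, // unchecked: 'administrator' goes straight through
    ]);
}

/**
 * HARDENED pattern: the allowed set comes from the server-side form config,
 * the role must exist, and a role able to create or promote users is only
 * granted when the submitter already holds 'promote_users'. An anonymous
 * request fails that last check no matter how the form was configured.
 */
function example_hardened_handle_submission(array $post, array $form): int|WP_Error {
    $requested = sanitize_key($post['role'] ?? $form['default_role']);

    // 1. Must be one of the choices the owner actually configured.
    if (!in_array($requested, $form['role_choices'], true)) {
        return new WP_Error('invalid_role', 'Role not permitted for this form.');
    }

    // 2. Must be a role that exists on this site.
    $roles = wp_roles()->roles;
    if (!array_key_exists($requested, $roles)) {
        return new WP_Error('invalid_role', 'Unknown role.');
    }

    // 3. Privileged roles require a submitter who can grant them.
    $caps = $roles[$requested]['capabilities'] ?? [];
    if (!empty($caps['create_users']) || !empty($caps['promote_users'])) {
        if (!is_user_logged_in() || !current_user_can('promote_users')) {
            return new WP_Error('forbidden_role', 'Privileged roles cannot be self-assigned.');
        }
    }

    return wp_insert_user([
        'user_login' => sanitize_user($post['user_login'] ?? ''),
        'user_email' => sanitize_email($post['user_email'] ?? ''),
        'user_pass'  => $post['user_pass'] ?? wp_generate_password(),
        'role'       => $requested,
    ]);
}

// Constructed attacker request: the rendered form never offered 'administrator'.
// $attacker_post = ['user_login' => 'evil', 'user_email' => 'evil@example.invalid',
//                   'user_pass' => 'x', 'role' => 'administrator'];
// example_vulnerable_handle_submission($attacker_post, example_form_config());
//   -> creates an administrator account
// example_hardened_handle_submission($attacker_post, example_form_config());
//   -> WP_Error('invalid_role'), and even with 'administrator' added to
//      role_choices an anonymous submitter is stopped by check 3.
```

The decisive control is check 1: the server must treat the rendered option list as the allowlist and never the submitted value as authoritative. Check 3 is defence in depth against a misconfigured form that deliberately offers a privileged role to the public.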
Potential Impact
Successful exploitation enables unauthenticated attackers to create new administrative accounts on the WordPress site, resulting in complete site compromise including confidentiality, integrity, and availability impacts. An administrator can install or edit plugins and themes, which on a default WordPress install means arbitrary PHP execution on the web server, so the impact extends beyond the site content to unauthorized access, data theft, site defacement, persistence, and further malicious activity on the host.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance and confirm the installed version (affected: 3.24.5 and earlier). Until an official fix is available: inventory every Frontend Admin form that includes a 'Role' field and either remove the field, require authentication to reach the form, or disable the form; if the form must stay public, let the plugin assign a fixed low-privilege role instead of offering a choice. Audit administrator accounts for any created through the form, for example with `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered`, and review web server logs for POST requests to the form endpoint around the registration time of any unexpected account. Monitor plugin updates from DynamiApps for a security patch addressing this vulnerability.
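A site-level compensating control for the interim, added here as an example and not the vendor's fix: a must-use plugin that hooks WordPress's `set_user_role` action (fired by `wp_insert_user` and `WP_User::set_role`) and demotes any account that is being given a protected role by a request that could not legitimately grant one. The `example_` names and the assumption that legitimate administrator creation only happens from a logged-in user with `promote_users` or from WP-CLI are this example's; adjust the allowlist if the site creates administrators through another trusted path (for instance SSO provisioning).

```php
<?php
/**
 * Plugin Name: Example guard against unprivileged administrator creation
 * Description: Added example (not the Frontend Admin vendor's code). Place in
 *              wp-content/mu-plugins/ as an interim control while unpatched.
 */

/** Roles that may only be granted by a privileged actor (assumption). */
const EXAMPLE_PROTECTED_ROLES = ['administrator'];

/**
 * Returns true when the current execution context is allowed to hand out a
 * protected role: an operator at WP-CLI, or a logged-in user who can promote
 * users. An unauthenticated frontend form submission satisfies neither.
 */
function example_request_may_grant_protected_role(): bool {
    if (defined('WP_CLI') && WP_CLI) {
        return true;
    }
    return is_user_logged_in() && current_user_can('promote_users');
}

/**
 * set_user_role callback. Fires inside wp_insert_user() when a 'role' is
 * supplied, so a form-created administrator passes through here before the
 * request finishes.
 */
function example_guard_role_change(int $user_id, string $role, array $old_roles): void {
    static $reentrant = false; // set_role() below re-fires this same hook

    if ($reentrant || !in_array($role, EXAMPLE_PROTECTED_ROLES, true)) {
        return;
    }
    if (example_request_may_grant_protected_role()) {
        return;
    }

    // Demote to the site's default role rather than deleting: the account and
    // its metadata remain available for incident review.
    $reentrant = true;
    $user = get_userdata($user_id);
    if ($user instanceof WP_User) {
        $user->set_role(get_option('default_role', 'subscriber'));
    }
    $reentrant = false;

    error_log(sprintf(
        'example-guard: blocked "%s" grant to user %d (actor=%d, ip=%s, uri=%s)',
        $role,
        $user_id,
        get_current_user_id(),
        $_SERVER['REMOTE_ADDR'] ?? 'cli',
        $_SERVER['REQUEST_URI'] ?? '-'
    ));
}
add_action('set_user_role', 'example_guard_role_change', 10, 3);
```

This does not fix the plugin; it limits the blast radius of the bug by refusing the privileged outcome and leaves a log line to search for. Test it on staging first: any automation that creates administrators without a logged-in privileged user (some SSO or provisioning plugins) will be demoted by it until added to `example_request_may_grant_protected_role()`.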
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-11-25T18:54:51.356Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e1ab7ef31ef0b5953a9
Added to database: 2/25/2026, 9:48:10 PM
Last enriched: 4/9/2026, 6:04:22 AM
Last updated: 4/12/2026, 8:31:37 AM