Frontend Admin by DynamiApps Plugin Vulnerability

CRITICAL (9.8)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.05% chance of exploitation (percentile: 17%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

The Frontend Admin plugin for WordPress is a popular add-on used to enhance the user experience of WordPress websites. A vulnerability in the plugin allows attackers to modify arbitrary WordPress options, potentially leading to unauthorized access to critical settings such as user registration and admin email.

Am I affected?

You're affected if you use Frontend Admin by DynamiApps. The advisory does not state specific affected versions.

How to fix

Upgrade to Frontend Admin by DynamiApps 3.29.0 or later.

For immediate mitigations:
- Restrict network access to your WordPress installation (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized plugin updates
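
Because the flaw lets an attacker change WordPress options, the audit step can include comparing security-relevant options against known-good values. The script below is an added example, not code from the advisory or the plugin: it assumes a snapshot exported with `wp option list --format=json`, and the watch list, baseline values and sample snapshot are constructed for illustration.

```python
import json

# Watch list is this example's assumption: the settings the advisory names
# (user registration, admin email) plus closely related core options.
WATCHED = ("users_can_register", "default_role", "admin_email", "siteurl", "home")

# Constructed known-good values, recorded before any suspected tampering.
SAMPLE_BASELINE = {
    "users_can_register": "0",
    "default_role": "subscriber",
    "admin_email": "webmaster@example.org",
    "siteurl": "https://www.example.org",
    "home": "https://www.example.org",
}

# Constructed snapshot in the shape `wp option list --format=json` emits.
SAMPLE_SNAPSHOT_JSON = """[
 {"option_name": "siteurl", "option_value": "https://www.example.org"},
 {"option_name": "home", "option_value": "https://www.example.org"},
 {"option_name": "users_can_register", "option_value": "1"},
 {"option_name": "default_role", "option_value": "subscriber"},
 {"option_name": "admin_email", "option_value": "someone-else@example.net"}
]"""


def load_snapshot(raw_json):
    """Parse the JSON export into {option_name: option_value-as-string}."""
    return {r["option_name"]: str(r["option_value"]) for r in json.loads(raw_json)}


def audit_options(baseline, snapshot, watched=WATCHED):
    """Return one finding per watched option that is missing or has drifted."""
    findings = []
    for name in watched:
        expected = baseline.get(name)
        if expected is None:
            continue  # no known-good value recorded, nothing to compare
        actual = snapshot.get(name)
        if actual != expected:
            issue = "missing" if actual is None else "changed"
            findings.append({"option": name, "issue": issue,
                             "expected": expected, "actual": actual})
    return findings


if __name__ == "__main__":
    for f in audit_options(SAMPLE_BASELINE, load_snapshot(SAMPLE_SNAPSHOT_JSON)):
        print(f"{f['option']}: {f['issue']} (expected {f['expected']!r}, got {f['actual']!r})")
```

Record the baseline from a backup or a host known to be clean, since a snapshot taken after tampering would hide the drift.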