Security Advisory

CVE-2025-4104

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-07 09:21:44

Last updated 2025-05-07 13:29:49

Assigner Wordfence

State PUBLISHED

Description

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate their privileges to that of an administrator.

← Browse all CVEs View on cve.org ↗