CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-51411

CVSS 10.0v3.1pub. 2023-12-29upd. 2026-04-28

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.

🤖 AI Analysis
How it works

The vulnerability of type CWE-434 (Unrestricted Upload of File with Dangerous Type) results from the lack of proper verification of the type and content of uploaded files on the server side. An attacker without any authentication can upload a file with a dangerous extension (e.g., PHP) through the frontend form handling mechanism provided by the plugin. Once the malicious file is placed on the server, the attacker can then execute its contents, gaining remote control of the server.

Impact

An attacker can gain the ability to execute arbitrary code (RCE) on the server hosting the vulnerable WordPress installation, which can consequently lead to complete server compromise, data theft, installation of backdoors, and further lateral movement within the infrastructure.

Mitigation & patch

The Frontend Admin by DynamiApps plugin should be immediately updated to a version higher than 3.18.3, in accordance with information available from the vendor and in the Patchstack database. Until the update is applied, it is recommended to disable the plugin. It is also advisable to conduct a file audit on the server to detect any potentially already uploaded malicious files.

Who is affected

The WordPress Frontend Admin by DynamiApps plugin (acf-frontend-form-element) in versions from its initial release through 3.18.3 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Dynamiapps Frontend Admin

    APP
    Dynamiapps
    ≤ 3.18.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-3729CRITICAL9.8PL ✓ten sam produkt

Auth Bypass i privilege escalation w pluginie Frontend Admin dla WordPress

CVE-2025-26987HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti K...

CVE-2024-11720HIGH7.2ten sam produkt

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submiss...

CVE-2024-11721HIGH8.1ten sam produkt

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up...

CVE-2024-11722MEDIUM5.9ten sam produkt

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' paramet...