Title: CVE-2025-14736: WORDPRESS PLUGIN - What You Need to Know
CVE-2025-14736: WORDPRESS PLUGIN ZERO-CLICK PRIVILEGE ESCALATION
Overview
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation due to insufficient validation of user-supplied role values. This allows unauthenticated attackers to register as administrators.
This flaw grants complete administrative control over affected WordPress sites without requiring authentication.
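As an added illustration of the bug class described above (not the plugin's own code), the following hypothetical WordPress registration handler shows the control whose absence enables this kind of escalation: the role of a self-registered account is chosen server-side from an allowlist, so a request carrying a privileged role value cannot elevate. It assumes WordPress is loaded; the `fa_` function and constant names are invented for this example.

```php
<?php
// Added example, not the plugin's own code: a frontend self-registration
// handler that decides the role server-side instead of trusting a
// client-supplied role value. Assumes WordPress is loaded; names prefixed
// "fa_" are hypothetical.

// Roles a visitor may end up with through self-registration.
// 'administrator' and other privileged roles are deliberately absent.
const FA_SELF_REGISTRATION_ROLES = array( 'subscriber' );

/**
 * Map whatever the request carried to a permitted role.
 * Anything outside the allowlist (including 'administrator') falls back
 * to 'subscriber', so the request cannot choose its own privilege level.
 */
function fa_resolve_registration_role( $requested ) {
    $requested = is_string( $requested ) ? sanitize_key( $requested ) : '';
    return in_array( $requested, FA_SELF_REGISTRATION_ROLES, true ) ? $requested : 'subscriber';
}

/**
 * Handle a submitted registration form. Returns the new user ID or a WP_Error.
 */
function fa_handle_registration( array $post ) {
    // Reject submissions that did not originate from our own form.
    if ( empty( $post['_fa_nonce'] ) || ! wp_verify_nonce( $post['_fa_nonce'], 'fa_register' ) ) {
        return new WP_Error( 'fa_bad_nonce', 'Invalid form submission.' );
    }
    $login = sanitize_user( $post['user_login'] ?? '', true );
    $email = sanitize_email( $post['user_email'] ?? '' );
    if ( '' === $login || ! is_email( $email ) ) {
        return new WP_Error( 'fa_bad_input', 'A valid username and e-mail address are required.' );
    }
    $user_id = wp_insert_user( array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => wp_generate_password( 24 ),
        // The only place a role is set: always via the allowlist, never raw from $post.
        'role'       => fa_resolve_registration_role( $post['role'] ?? '' ),
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Defence in depth: if any hook granted a role outside the allowlist, undo it and log.
    $user = get_userdata( $user_id );
    if ( $user && array_diff( (array) $user->roles, FA_SELF_REGISTRATION_ROLES ) ) {
        $user->set_role( 'subscriber' );
        error_log( sprintf( 'Self-registered user %d had a non-allowlisted role; reset.', $user_id ) );
    }
    return $user_id;
}
```

The same allowlist check belongs on any profile-edit path that accepts a role field, since the pattern is the same whether the account is new or existing.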
CVSS Score: 9.8
Affected: WORDPRESS PLUGIN
Tags: PRIVILEGE ESCALATION · WORDPRESS · UNAUTHENTICATED · CRITICAL
Timeline
- DEC 2025 - Vulnerability discovered by researcher
- JAN 2026 - CVE-2025-14736 published
- JAN 2026 - Proof-of-concept exploit likely to emerge
- JAN 2026 - Vendor patch released (v3.28.26+)
Mitigation Steps
- Update Frontend Admin Plugin (CRITICAL) - Immediately update to version 3.28.26 or higher.
- Disable User Registration (HIGH) - If open registration is not essential to the site, temporarily disable user registration in WordPress.
- Review User Roles (HIGH) - Audit existing user accounts for unauthorized administrator roles.
- Monitor WordPress Logs (MEDIUM) - Look for suspicious user registrations or privilege changes.
Published by Cyber121 Team. Stay ahead of threats at cyber121.com.