Plugin icon

Frontend Admin by DynamiApps

acf-frontend-form-element

Vulnerabilities:

16

Last Updated:

May 7, 2026

Active Installs:

10000

Published
Title
Fixed in
CVSS
Published
2026-05-14
Title
Frontend Admin by DynamiApps < 3.29.1 - Unauthenticated Privilege Escalation via Edit User Form
Fixed in
Fixed in 3.29.1
CVSS
9.8 (critical)
Published
2026-03-25
Title
Frontend Admin by DynamiApps < 3.28.32 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts
Fixed in
Fixed in 3.28.32
CVSS
7.2 (high)
Published
2026-01-08
Title
Frontend Admin by DynamiApps < 3.28.24 - Unauthenticated Stored Cross-Site Scripting via 'update_field'
Fixed in
Fixed in 3.28.24
CVSS
7.2 (high)
Published
2026-01-08
Title
Frontend Admin by DynamiApps < 3.28.26 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element
Fixed in
Fixed in 3.28.26
CVSS
9.1 (critical)
Published
2026-01-08
Title
Frontend Admin by DynamiApps < 3.28.30 - Unauthenticated Privilege Escalation to Administrator via Role Form Field
Fixed in
Fixed in 3.28.30
CVSS
8.1 (high)
Published
2025-12-03
Title
Frontend Admin by DynamiApps < 3.28.21 - Unauthenticated Arbitrary Options Update
Fixed in
Fixed in 3.28.21
CVSS
9.8 (critical)
Published
2025-08-12
Title
Frontend Admin by DynamiApps < 3.28.5 - Authenticated (Subscriber+) SQL Injection
Fixed in
Fixed in 3.28.5
CVSS
6.5 (medium)
Published
2025-06-26
Title
Frontend Admin by DynamiApps < 3.28.8 - Authenticated (Editor+) Arbitrary File Deletion
Fixed in
Fixed in 3.28.8
CVSS
6.5 (medium)
Published
2025-02-23
Title
Frontend Admin by DynamiApps < 3.25.18 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.25.18
CVSS
6.1 (medium)
Published
2024-12-20
Title
Frontend Admin by DynamiApps < 3.25.2 - Unauthenticated SQL Injection
Fixed in
Fixed in 3.25.2
CVSS
5.9 (medium)
Published
2024-12-13
Title
Frontend Admin by DynamiApps < 3.25.1 - Unauthenticated Stored Cross-Site Scripting
Fixed in
Fixed in 3.25.1
CVSS
7.2 (high)
Published
2024-12-13
Title
Frontend Admin by DynamiApps < 3.25.1 - Unauthenticated Privilege Escalation
Fixed in
Fixed in 3.25.1
CVSS
8.1 (high)
Published
2024-04-18
Title
Frontend Admin by DynamiApps < 3.19.5 - Improper Missing Encryption Exception Handling to Form Manipulation
Fixed in
Fixed in 3.19.5
CVSS
9.8 (critical)
Published
2023-12-27
Title
Frontend Admin by DynamiApps Plugin < 3.18.4 - Unauthenticated Arbitrary File Upload
Fixed in
Fixed in 3.18.4
CVSS
9.8 (critical)
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.8.0
CVSS
6.1 (medium)
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Fixed in
Fixed in 3.3.33
CVSS
4.3 (medium)