Frontend Dashboard < 2.2.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting | CVE 2024-29775 | Plugin Vulnerabilities

Description

The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

frontend-dashboard

Fixed in 2.2.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ca2479-10ce-42ec-a9f3-0f91119d9525

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

CatFather

Verified

No

WPVDB ID

4d6878d5-dd96-4f82-b455-d87b21ac0b27

Timeline

Publicly Published

2024-03-25 (about 2 years ago)

Added

2024-04-01 (about 2 years ago)

Last Updated

2024-04-01 (about 2 years ago)

Other

Published

Title

Published

2024-03-29

Title

WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-01-28

Title

Oyster - Photography WordPress <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting

Published

2023-04-24

Title

Dynamically Register Sidebars <= 1.0.1 - Admin+ Stored XSS

Published

2021-04-26

Title

Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS

Published

2025-06-03

Title

FlatNews < 6.2 - Reflected Cross-Site Scripting