CVE-2025-13342

The Frontend Admin by DynamiApps plugin for WordPress

A critical vulnerability exists in the "Frontend Admin by DynamiApps" WordPress plugin that allows unauthenticated attackers to change core website settings.

Executive summary

A critical vulnerability exists in the "Frontend Admin by DynamiApps" WordPress plugin that allows unauthenticated attackers to change core website settings. By exploiting this flaw, an attacker could enable new user registrations, grant them administrator privileges, and potentially take complete control of the website. This represents a significant risk of site compromise, data breach, and reputational damage.

Vulnerability

The vulnerability is located in the ActionOptions::run() function, which handles saving options submitted through the plugin's forms. The function performs no adequate capability check to confirm that the submitting user is authorized to change settings, and it does not restrict or validate which options are written. An unauthenticated attacker can therefore submit a crafted payload to a public-facing form created by the plugin and write arbitrary values into the WordPress options table. The settings that matter most are users_can_register (set to enable open registration), default_role (set to 'administrator' so that newly registered accounts are administrators) and admin_email (changed to an attacker-controlled address, which the advisory notes can be used to initiate a password reset for the primary admin account). Any of these paths ends in a full site takeover.
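The following is an added illustration of the flaw class described above, not the plugin's own code: a minimal "save every posted field as an option" handler of the kind the advisory describes, beside a hardened version that checks the capability first, then the nonce, then an allowlist of options the form is actually permitted to touch. The demo_* function names, the request layout and the demo_form_title option are hypothetical; the three dangerous option names are real WordPress options. The stand-in functions at the top exist only so the file runs with plain `php` outside WordPress.

```php
<?php
// Added example (not the plugin's code). Function names demo_* and the request
// layout are hypothetical; users_can_register, default_role and admin_email are
// real WordPress options.
//
// Stand-ins so this file runs outside WordPress (assumption: WP is not loaded;
// inside WordPress these definitions are skipped because the real ones exist).
if (!function_exists('update_option')) {
    $GLOBALS['demo_options'] = ['users_can_register' => '0', 'default_role' => 'subscriber'];
    function update_option(string $name, $value): bool { $GLOBALS['demo_options'][$name] = $value; return true; }
    function get_option(string $name, $default = false) { return $GLOBALS['demo_options'][$name] ?? $default; }
    function current_user_can(string $cap): bool { return false; }       // unauthenticated visitor
    function wp_verify_nonce($nonce, $action) { return false; }
    function sanitize_text_field($v): string { return trim(strip_tags((string) $v)); }
}

/**
 * Vulnerable pattern: every posted key/value pair is written to wp_options.
 * No capability check, no nonce, no allowlist, so this is an arbitrary option write.
 */
function demo_save_options_vulnerable(array $request): array
{
    $saved = [];
    foreach ($request['fields'] ?? [] as $name => $value) {
        update_option($name, $value);          // attacker controls both $name and $value
        $saved[] = $name;
    }
    return ['ok' => true, 'saved' => $saved];
}

/**
 * Hardened pattern: authorization first, CSRF nonce second, then an allowlist that
 * maps each permitted option to the sanitizer applied to it. Everything else is dropped.
 */
function demo_save_options_hardened(array $request, array $allowed): array
{
    // 1. Authorization. A nonce is NOT a substitute for this check.
    if (!current_user_can('manage_options')) {
        return ['ok' => false, 'error' => 'forbidden'];
    }
    // 2. CSRF protection for the users who do pass step 1.
    if (!wp_verify_nonce($request['_wpnonce'] ?? '', 'demo_save_options')) {
        return ['ok' => false, 'error' => 'bad_nonce'];
    }
    // 3. Only options this form is meant to edit, each through its own sanitizer.
    $saved = [];
    foreach ($request['fields'] ?? [] as $name => $value) {
        if (!isset($allowed[$name])) {
            continue;                          // core options like default_role are never here
        }
        update_option($name, $allowed[$name]($value));
        $saved[] = $name;
    }
    return ['ok' => true, 'saved' => $saved];
}

// Constructed attacker payload of the kind the advisory describes.
$payload = ['fields' => [
    'users_can_register' => '1',
    'default_role'       => 'administrator',
    'admin_email'        => 'attacker@example.invalid',
]];

demo_save_options_vulnerable($payload);
printf("vulnerable handler: users_can_register=%s default_role=%s admin_email=%s\n",
    get_option('users_can_register'), get_option('default_role'), get_option('admin_email'));

// Reset the demo store, then submit the same payload to the hardened handler.
$GLOBALS['demo_options'] = ['users_can_register' => '0', 'default_role' => 'subscriber'];
$allowed = ['demo_form_title' => 'sanitize_text_field'];   // hypothetical form-specific option
$result  = demo_save_options_hardened($payload, $allowed);
printf("hardened handler: %s, default_role=%s\n",
    $result['error'] ?? 'saved ' . implode(',', $result['saved']), get_option('default_role'));
```

Two points worth keeping in mind when reviewing similar plugin code: a nonce check only proves the request came from a page the site served, so it must sit behind, not in place of, the capability check; and the allowlist should be a fixed map of form-specific options to sanitizers, never something derived from the request itself.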

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high potential for widespread and severe impact. Successful exploitation could lead to a complete compromise of the affected WordPress site. The potential consequences include theft of sensitive user data, financial information, and intellectual property; website defacement; distribution of malware to site visitors; and significant reputational damage. An attacker gaining administrative control can disrupt business operations, incur financial losses, and violate data privacy regulations.

Remediation

Immediate Action: Update the "Frontend Admin by DynamiApps" plugin to the latest version that patches this vulnerability. After updating, review the WordPress settings the flaw targets (user registration, default role and the administrator email address) and the list of administrator accounts for any unauthorized modifications, and rotate credentials for any account that may have been affected.
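As an added example of the post-update review described above (this script is not part of the advisory or of the plugin), the following checks the three options the advisory names against the values the site owner expects and lists administrator accounts registered after a cut-off date. It is intended to run inside WordPress, for instance with `wp eval-file audit.php` (assumption: WP-CLI is available); the stand-in functions at the top carry constructed sample data so the file also runs with plain `php` for illustration. The demo_* names and the expected values are hypothetical and must be replaced with the site's real ones.

```php
<?php
// Added audit script (not part of the advisory or the plugin). Run inside
// WordPress, e.g. `wp eval-file audit.php`. Outside WordPress the stand-ins
// below return constructed sample data resembling a compromised site.
if (!function_exists('get_option')) {
    function get_option(string $name, $default = false) {
        $sample = [                                   // constructed sample state
            'users_can_register' => '1',
            'default_role'       => 'administrator',
            'admin_email'        => 'attacker@example.invalid',
        ];
        return $sample[$name] ?? $default;
    }
    function get_users(array $args = []): array {     // constructed sample users
        return [
            (object) ['user_login' => 'owner',      'user_email' => 'owner@example.invalid',
                      'user_registered' => '2023-01-10 09:00:00'],
            (object) ['user_login' => 'svc_backup', 'user_email' => 'x@attacker.invalid',
                      'user_registered' => '2025-11-20 03:14:07'],
        ];
    }
}

/** Report each named option whose current value differs from what the owner expects. */
function demo_audit_core_options(array $expected): array
{
    $findings = [];
    foreach ($expected as $name => $want) {
        $have = (string) get_option($name);
        if ($have !== (string) $want) {
            $findings[] = sprintf('%s is "%s", expected "%s"', $name, $have, $want);
        }
    }
    return $findings;
}

/** List administrator accounts registered on or after $since (e.g. the plugin install date). */
function demo_recent_admins(string $since): array
{
    $recent = [];
    $admins = get_users(['role' => 'administrator', 'orderby' => 'registered', 'order' => 'DESC']);
    foreach ($admins as $u) {
        if (strtotime($u->user_registered) >= strtotime($since)) {
            $recent[] = sprintf('%s <%s> registered %s', $u->user_login, $u->user_email, $u->user_registered);
        }
    }
    return $recent;
}

// Hypothetical expected values: replace with the site's real configuration.
$expected = [
    'users_can_register' => '0',                     // registration closed
    'default_role'       => 'subscriber',
    'admin_email'        => 'owner@example.invalid',
];

foreach (demo_audit_core_options($expected) as $finding) {
    echo "OPTION DRIFT: $finding\n";
}
foreach (demo_recent_admins('2025-11-01') as $admin) {
    echo "RECENT ADMIN: $admin\n";
}
```

Treat any drift in users_can_register, default_role or admin_email, or any administrator you did not create, as an indicator of compromise rather than a configuration mistake: revert the setting, remove or demote the account, rotate all administrator passwords and salts, and preserve logs before doing so.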

Proactive Monitoring: Monitor web server access logs and Web Application Firewall (WAF) logs for suspicious POST requests to pages containing forms generated by the plugin. Where request bodies are available (WAF logs or request-body logging; standard access logs record only the request line), look for payloads that attempt to set WordPress options such as users_can_register, default_role or admin_email. Also watch for unexpected changes in WordPress configuration and for the creation of new, unauthorized administrator accounts.

Compensating Controls: If immediate patching is not feasible, consider the following controls:

  • Implement strict WAF rules to block requests attempting to modify known sensitive WordPress options.
  • Temporarily deactivate any public-facing forms created by the "Frontend Admin" plugin until it can be safely updated.
  • Use a file integrity monitoring solution to alert on unauthorized changes to WordPress core and plugin files, and a separate control (such as an option-change audit plugin or a scheduled check of the options table) to alert on changes to sensitive options, since file integrity monitoring does not cover the database.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the potential for a complete site takeover by an unauthenticated attacker, immediate action is required. All administrators of WordPress sites running the "Frontend Admin by DynamiApps" plugin should apply the vendor's security update without delay. Before and after patching, audit the site for signs of compromise, including unauthorized administrator accounts and modified registration, default-role and admin-email settings. If patching is not immediately possible, apply the compensating controls above, in particular disabling the affected public forms, to reduce the immediate risk.