Ctrl + K
/ news / CVE
CVEPublished 2024-05-02Modified 2026-04-081 article on news7 live referencesNVD data

CVE-2024-3729Dynamiapps · Frontend_admin

Vulnerability data via NVD (ingested)

CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
68
Exploit Prediction Scoring System · top 32% of all CVEs
Weaknesses (CWE)
CWE-636Not Failing Securely ('Failing Open')CWE-754Improper Check for Unusual or Exceptional Conditions
Description

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator user for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be used to inject arbitrary web scripts. This can only be exploited if the 'openssl' php extension is not loaded on the server.

Timeline
Published 2024-05-02
Modified 2026-04-08

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2024-3729
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · WP plugin path
http.html:"/wp-content/plugins/frontend-admin/"
Matches any site loading the "frontend-admin" plugin — doesn't rely on Shodan's vuln tag.
Shodan · product
product:"Dynamiapps Frontend Admin"
All exposed Dynamiapps Frontend Admin instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Frontend Admin"
HTTP body or banner mentions "Frontend Admin" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2024-3729
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-3729
Censys host search filtered to this CVE id.
grep.app
CVE-2024-3729
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-3729
GitHub code search for direct mentions.
Google dork
"CVE-2024-3729" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2024-37298 repos
yks0000/starred-repo-tocGo
Generates Markdown table for all Starred Repositories by a GitHub user.
★ 44·updated 5d ago
tycloud97/awesome-starsunknown
A curated list of my GitHub stars by stargazed
★ 32·updated 5d ago
maxgfr/awesome-starsunknown
List of repositories that I liked on Github
★ 22·updated 5d ago
hiifong/starListPython
Export your star's repository list
★ 18·updated 5d ago
svg153/awesome-starsunknown
★ 12·updated 5d ago
chnzzh/OpenSSL-CVE-libunknown
★ 7·updated 5d ago
liuzhen9320/zstarunknown
They said organizing stars was extremely troublesome, so I lent a hand.
★ 3·updated 5d ago
brimstone/starsunknown
My starred GitHub repositories
★ 2·updated 5d ago
Articles on news mentioning CVE-2024-3729