CVE-2024-3729: 
WordPress vulnerability analysis and mitigation

The Frontend Admin by DynamiApps plugin for WordPress contains a vulnerability (CVE-2024-3729) related to improper missing encryption exception handling in the 'fea_encrypt' function, affecting all versions up to and including 3.19.4. This vulnerability was discovered and reported by Wordfence, with initial disclosure on May 2, 2024 (Wordfence Report).

The vulnerability stems from improper missing encryption exception handling in the 'fea_encrypt' function. The issue can be exploited when the 'openssl' PHP extension is not loaded on the server. The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Wordfence Report).

The vulnerability allows unauthenticated attackers to manipulate user processing forms, which can lead to multiple severe consequences: adding and editing administrator users for privilege escalation, bypassing authentication through automatic user login, and manipulating post processing forms to inject arbitrary web scripts (NVD).

Users should update to a version newer than 3.19.4 when available. Additionally, ensuring that the 'openssl' PHP extension is properly loaded and configured on the server can prevent exploitation of this vulnerability (NVD).