CVE-2024-8268: 
WordPress vulnerability analysis and mitigation

The Frontend Dashboard plugin for WordPress (CVE-2024-8268) contains a vulnerability related to unauthorized code execution, discovered and disclosed on September 9, 2024. The vulnerability affects all versions up to and including 2.2.4 of the plugin. This security issue stems from insufficient filtering on callable methods/functions in the ajax_request() function (NVD).

The vulnerability is classified as an Improper Control of Generation of Code (Code Injection) vulnerability, identified as CWE-94. It has received a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a high severity level with network attack vector, low attack complexity, and requiring low privileges (Wordfence).

The vulnerability allows authenticated attackers with subscriber-level access or higher to call arbitrary functions, which can be leveraged for privilege escalation. Specifically, attackers can exploit this vulnerability to change user passwords, potentially leading to unauthorized access and system compromise (NVD).

A patch has been released in version 2.2.5 of the Frontend Dashboard plugin. Users are advised to update their installations to this latest version to mitigate the vulnerability (WordPress).