What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps (acf-frontend-form-element) allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.7 inclusive.
Explanation of Vulnerability in Simple Terms
02 Summary
Frontend Admin by DynamiApps versions 3.28.7 and earlier contain a path traversal vulnerability that allows high-privilege users to read arbitrary files from the server. An attacker with admin-level access can bypass directory restrictions and access sensitive files outside the intended application directory. The vulnerability affects the file handling mechanism and requires administrative credentials to exploit.
What an attacker can do
03 Attacker Capabilities
Read arbitrary files from the server filesystem.
Potential impact on your site
04 Site Impact
A compromised admin account could be used to expose sensitive configuration files, database credentials, or other private data.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level admin privileges on the site.
Key dates
06 Disclosure timeline
July 4, 2025: CVE published
May 12, 2026: Record updated