Hyun Chiya

2 exploits Active since Jan 2026
CVE-2025-14124 NOMISEC HIGH WORKING POC
Team WordPress <5.0.11 - SQL Injection
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS 8.6
CVE-2025-14736 NOMISEC CRITICAL WORKING POC
Frontend Admin by DynamiApps <3.28.25 - Privilege Escalation
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field.
CVSS 9.8