Description
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add or edit an administrator user for privilege escalation, or to automatically log in users for authentication bypass, or to manipulate the post form to inject arbitrary web scripts. This can only be exploited if the 'openssl' PHP extension is not loaded on the server.
https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.18.15/main/helpers.php#L617
https://plugins.trac.wordpress.org/changeset/3073379/acf-frontend-form-element#file4
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d22c5d-5ef5-4920-a1b5-e8284394c7e8?source=cve
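
An exposure check built from the two conditions in the description (version at or below 3.19.4, and the 'openssl' PHP extension not loaded). This is an added example, not code from the plugin or the advisory; the function names, result labels and sample inputs are assumptions constructed for illustration.

```python
import re

LAST_AFFECTED = (3, 19, 4)  # advisory: "up to, and including, 3.19.4"

# Constructed sample inputs (not taken from a real site).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example (constructed header)
 * Version: 3.19.4
 */
"""
MODULES_NO_OPENSSL = "[PHP Modules]\nCore\njson\nmbstring\n"


def parse_plugin_version(php_source):
    """Return the Version: value from a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  php_source, re.M | re.I)
    return m.group(1) if m else None


def version_tuple(version):
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "3.20" to (3, 20, 0)


def openssl_loaded(php_m_output):
    """True if 'openssl' appears in `php -m` style output (one module per line)."""
    return any(line.strip().lower() == "openssl"
               for line in php_m_output.splitlines())


def assess(php_source, php_m_output):
    """Classify one site from its plugin header text and PHP module list."""
    version = parse_plugin_version(php_source)
    if version is None:
        return "unknown-version"
    if version_tuple(version) > LAST_AFFECTED:
        return "outside-affected-range"
    if openssl_loaded(php_m_output):
        # Affected version, but the advisory's exploitation precondition is absent.
        return "affected-version-precondition-absent"
    return "exposed"


if __name__ == "__main__":
    print(assess(SAMPLE_HEADER, MODULES_NO_OPENSSL))
```

Feed it the module list from the PHP configuration that actually serves the site, since the CLI and the web SAPI can load different extensions.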