Recurring contribution page on frontend tries to access wp-admin.

I've got a user dashboard that includes recurring contributions. A recurring contribution has two links, cancel and view. When clicking the "view" link, the user is directed to the following URL:

https://example.org/civi/contact/view/contributionrecur/?reset=1&id=2&cid=66&context=dashboard

This page contains two pieces, the details on the recurring contribution and the "related contributions" - i.e. the previous iterations of the recurring contribution.

However, the second part of the page only works when users have the "access the civicrm backend and API" permission, and I believe that's because the second half is retrieved using this URL:

https://example.org/wp-admin/admin.php?page=CiviCRM&q=civicrm%2Fcontribute%2Fcontributionrecur-payments&reset=1&id=2&cid=66&snippet=json

If I remove that permission, the user gets an error.

Additionally, and I can open a separate bug for this if it is in fact a bug, there's a "done" button on the contribution detail page. This attempts to take the user back to the civicrm "main" dashboard (on the front-end) rather than the user dashboard where we came from.

I can provide any other details, logs, etc as needed.