CVE-2025-3604
📊 9.8 CRITICAL⚡ 0.2%🎯 1 exploits
📅 Published Apr 24, 2025
📋 Status: Analyzed
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | flynax | flynax bridge | ≤ 2.2.0 Target SW: wordpress | Vulnerable | cpe:2.3:a:flynax:flynax_bridge:*:*:*:*:*:wordpress:*:* |
📱
VulnerableApplication
Version: ≤ 2.2.0
Target SW: wordpress
CPE:
cpe:2.3:a:flynax:flynax_bridge:*:*:*:*:*:wordpress:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
9.8 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
0.2% (Minimal)40.5th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Apr 24, 2025 (6 months ago)
Last Modified
Aug 12, 2025 (2 months ago)
Security Weaknesses1
CWE-862
Available exploits (1)
References3
NVDadvisorygeneral