PT-2025-17716 · WordPress · Flynax Bridge

Kenneth Dunn · Published 2025-04-24 · Updated 2026-04-08 · CVE-2025-3603

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Flynax Bridge plugin for WordPress versions up to and including 2.2.0

Description

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover. This issue arises because the plugin does not properly validate a user's identity before updating their details, such as the password. As a result, unauthenticated attackers can change arbitrary users' passwords, including those of administrators, and leverage this to gain access to their accounts.

Recommendations

For versions up to and including 2.2.0, update to a version later than 2.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's user update functionality until a patch is available. Avoid using the plugin's password update feature for any user accounts until the issue is resolved.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-3603

Affected Products

Flynax Bridge