CVE-2025-3604

Name of the Vulnerable Software and Affected Versions Flynax Bridge plugin for WordPress versions up to, and including, 2.2.0

Description The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their details, such as the email address. This allows unauthenticated attackers to change arbitrary users' email addresses, including those of administrators, and leverage that to reset the user's password and gain access to their account.

Recommendations For versions up to, and including, 2.2.0, update to a version that includes the necessary validation to prevent account takeover. As a temporary workaround, consider restricting access to user account management features until a patch is available. Avoid using the plugin until the issue is resolved, to minimize the risk of exploitation.