cleantalk
Vulnerabilities and Security Researches

Flynax Bridge, CVE-2025-3603

CVE, Research URL

CVE-2025-3603

Home page URL

Security reports for Flynax Bridge

Application

Flynax Bridge

Published on
Apr 24, 2025
Research Description
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Affected versions
Min -, max 2.2.0.
Status
vulnerable
Previous vulnerability researches
Advanced Accordion Gutenberg Block (619349ba47bf00135c6393c9e4674307f8d3ef30) , Jun 07, 2024
Advanced Accordion Gutenberg Block (CVE-2025-2543) , Apr 25, 2025
New vulnerability
Master Slider – Responsive Touch Slider (CVE-2025-39412) , Apr 29, 2025
WordPress Simple Shopping Cart (CVE-2025-3530) , Apr 29, 2025
Brid Video Easy Publish (CVE-2025-32688) , Apr 29, 2025
Material Dashboard (CVE-2025-32486) , Apr 29, 2025
Greenshift – animation and page builder blocks (CVE-2025-3616) , Apr 29, 2025