CVE-2025-3603

Published Apr 24, 2025

Last updated 2 months ago

CVSS critical 9.8

Overview

Description
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-620

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-3603 ⚠️🔴 CRITICAL (9.8) 🏢 v1rustyle - Flynax Bridge 🏗️ * 🔗 https://t.co/AKGddhJvye 🔗 https://t.co/cNNcdN0n8G #CyberCron #VulnAlert #InfoSec https://t.co/6iyDj8UCP5

    @cybercronai

    24 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-3603 WordPress Flynax Bridge Plugin Unauthenticated Privilege Escalation via Account Takeover https://t.co/PJR3erJWiG

    @VulmonFeeds

    24 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. �� CVE-2025-3603 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-24 09:15:31 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/csqJ58YB7R

    @vulns_space

    24 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-3603: CRITICAL] WordPress Flynax Bridge plugin up to 2.2.0 vulnerable to privilege escalation via account takeover due to lack of proper user identity validation during password updates.#cve,CVE-2025-3603,#cybersecurity https://t.co/kY2H3j3kqT https://t.co/RLGmc5BiVA

    @CveFindCom

    24 Apr 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-3603 The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin… https://t.co/s2mkE1F9Ub

    @CVEnew

    24 Apr 2025

    221 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.