Overview
A severe vulnerability, CVE-2025-3604, has recently been assigned in the Common Vulnerabilities and Exposures (CVE) system; it exposes WordPress websites using the Flynax Bridge plugin to significant risk. This plugin, widely used for integrating WordPress with the Flynax Classifieds Software, has a critical flaw that could allow an unauthenticated attacker to take over any user account, including those with administrative privileges.
The vulnerability is particularly dangerous because it requires no special user privileges and no user interaction, making every WordPress site running an affected version of this plugin a potential target. The impact of a successful exploit could be devastating, leading to system compromise and unauthorized data access.
Vulnerability Summary
CVE ID: CVE-2025-3604
Severity: Critical (9.8 CVSS Score)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: System compromise, potential data leakage
Affected Products
Product | Affected Versions
Flynax Bridge Plugin for WordPress | All versions up to and including 2.2.0
How the Exploit Works
The Flynax Bridge plugin for WordPress fails to properly verify a requester's identity before allowing changes to account details such as the email address. This means an unauthenticated attacker could alter the email address of an arbitrary user, including an administrator. By doing so, they could then initiate a password reset, which would be sent to the newly assigned email address, thus gaining unauthorized access to the account.
Conceptual Example Code
Here’s a conceptual example of how an HTTP request exploiting this vulnerability might look:
POST /wp-json/flynax/v1/changeEmail HTTP/1.1
Host: target.example.com
Content-Type: application/json

{
"user_id": 1,
"new_email": "attacker@example.com"
}
In this example, the attacker sends a POST request to the changeEmail endpoint of the Flynax Bridge plugin’s API. They specify the user_id of the account they wish to take over (in this case, 1 for the admin account) and their own email address as the new_email. The server then changes the email address of the specified account without properly verifying the requester’s identity, allowing the attacker to reset the password and gain access.
Mitigation and Prevention
The safest and most effective solution to this vulnerability is applying the vendor-supplied patch: site owners should immediately update the Flynax Bridge plugin to version 2.2.1 or later. As a temporary mitigation, a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can be used to filter out requests attempting to exploit this vulnerability. However, this should not be considered a long-term solution, as it can only reduce the risk, not eliminate it.
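As an added defender-side example (not from the original post and not Flynax's code), the following Python script scans web server access logs for the takeover chain described above: a POST to the email-change endpoint followed shortly by a password-reset request from the same client. The endpoint path is the conceptual one from the request above, the reset path is WordPress core's lost-password form, and the log lines are constructed samples.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Apr/2025:10:00:01 +0000] "POST /wp-json/flynax/v1/changeEmail HTTP/1.1" 200 45 "-" "curl/8.4.0"
203.0.113.5 - - [20/Apr/2025:10:00:09 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.7 - - [20/Apr/2025:10:05:00 +0000] "GET /wp-json/flynax/v1/listings HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Apr/2025:11:30:00 +0000] "POST /wp-json/flynax/v1/changeEmail HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint path taken from the conceptual request above; the reset path is WordPress core's.
CHANGE_EMAIL_PATH = "/wp-json/flynax/v1/changeemail"
RESET_PATH = "/wp-login.php?action=lostpassword"


def parse_line(line):
    """Return a dict for one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"].lower(), "status": int(m["status"])}


def find_suspicious(log_text, window=timedelta(minutes=10)):
    """Flag every POST to the email-change endpoint; escalate to 'high' when the
    same client requests a password reset within the window afterwards."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = []
    for e in events:
        if e["method"] != "POST" or not e["path"].startswith(CHANGE_EMAIL_PATH):
            continue
        reset_followed = any(
            later["ip"] == e["ip"]
            and e["ts"] < later["ts"] <= e["ts"] + window
            and later["path"].startswith(RESET_PATH)
            for later in events
        )
        findings.append({"ip": e["ip"], "ts": e["ts"].isoformat(), "status": e["status"],
                         "severity": "high" if reset_followed else "medium"})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

On an unpatched site every hit is worth reviewing against the legitimate users' own email changes; after updating to 2.2.1 or later the script still serves as a retrospective check of earlier logs.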
Remember, regular software updates are an integral part of maintaining a secure online presence.