The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
The plugin does not properly verify user identity before performing updates to user data, particularly the password. An unauthenticated attacker can make an appropriate request to the request.php file, providing the target user's identifier and a new password. The lack of identity validation (CWE-620 — Unverified Password Change) causes the password change to be accepted by the system.
An attacker can change the password of any WordPress user, including administrators, and then log into the compromised account to gain full control of the website.
Update the Flynax Bridge plugin to a version higher than 2.2.0, in accordance with the fix available in changeset 3306501 in the WordPress Plugins repository. Until the update is applied, it is recommended to deactivate the plugin.
Flynax Bridge plugin for WordPress in all versions up to and including 2.2.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFlynax Bridge
APPFlynax≤ 2.2.0
Related vulnerabilities
Flynax Bridge dla WordPress — przejęcie konta przez zmianę adresu e-mail
The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capabili...
The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ...