The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
The plugin does not properly verify user identity before updating user data, including email address. An unauthenticated attacker can change the email address of any account — including administrator accounts. After changing the email address, the attacker initiates the standard password reset procedure, which sends a reset link to the newly set address, allowing them to ultimately take full control of the account.
An attacker can take over a WordPress administrator account, gaining full access to the website, including the ability to install plugins, modify content, and escalate privileges to administrator level (privilege escalation).
Update the Flynax Bridge plugin to a version higher than 2.2.0. According to the available changeset, the fix was introduced in the plugin repository (changeset 3306501). Apply patches available from the vendor according to the references.
The Flynax Bridge plugin for WordPress in all versions up to and including 2.2.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFlynax Bridge
APPFlynax≤ 2.2.0
Related vulnerabilities
Flynax Bridge dla WordPress — privilege escalation przez przejęcie konta
The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capabili...
The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ...