SB2025050539 - Multiple vulnerabilities in Flynax Bridge plugin for WordPress
Published: May 5, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Missing Authorization (CVE-ID: CVE-2025-4179)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to a missing capability check on the registerUser() function. A remote attacker can register new user accounts as authors.
2) Missing Authorization (CVE-ID: CVE-2025-4177)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to a missing capability check on the deleteUser() function. A remote attacker can delete arbitrary users.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
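With no vendor fix available, site owners can audit the user table for the two impacts described above. The following is an added example, not code from the plugin or from this bulletin: it reads the JSON produced by WP-CLI's `wp user list --fields=ID,user_login,user_registered,roles --format=json` and reports author accounts that were not expected, plus expected accounts that no longer exist. The sample export, the baseline of known logins and the cutoff date are constructed assumptions.

```python
import json
from datetime import datetime

# Constructed sample of the WP-CLI JSON export (not real site data).
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "admin", "user_registered": "2023-02-10 09:15:00", "roles": "administrator"},
 {"ID": 7, "user_login": "editor_anna", "user_registered": "2024-06-01 11:00:00", "roles": "editor"},
 {"ID": 31, "user_login": "qx_writer", "user_registered": "2025-05-03 02:41:17", "roles": "author"}
]"""
# Constructed baseline: logins the site owner expects to exist.
SAMPLE_BASELINE = {"admin", "editor_anna", "staff_bob"}


def audit_users(export_json, baseline_logins, since):
    """Return (unexpected_authors, missing_logins).

    unexpected_authors: accounts holding the author role, registered on or
    after `since` (YYYY-MM-DD) and absent from the baseline, which is the
    impact of CVE-2025-4179.
    missing_logins: baseline accounts no longer present, which is the
    impact of CVE-2025-4177.
    """
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    users = json.loads(export_json)
    present = {u["user_login"] for u in users}
    unexpected = []
    for u in users:
        # WP-CLI prints multiple roles as one comma-separated string.
        roles = {r.strip() for r in str(u.get("roles", "")).split(",") if r.strip()}
        try:
            registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            registered = cutoff  # unparsable date: keep the account in scope
        if ("author" in roles and registered >= cutoff
                and u["user_login"] not in baseline_logins):
            unexpected.append(u["user_login"])
    missing = sorted(set(baseline_logins) - present)
    return sorted(unexpected), missing


if __name__ == "__main__":
    authors, missing = audit_users(SAMPLE_EXPORT, SAMPLE_BASELINE, "2025-01-01")
    print("Author accounts to review:", authors)
    print("Baseline accounts missing:", missing)
```

Set the cutoff to the date the plugin was first activated on the site, and build the baseline from a user list known to predate that date, such as a backup.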
References
- https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/src/API.php#L288
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a2447cf4-0261-4ef2-98ec-98fa02dc8b87?source=cve
- https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/src/API.php#L386
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dcb33d02-d384-4dff-91e1-c49e86b97d6e?source=cve