exploitDog

CVE-2025-4177

Опубликовано: 02 мая 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users.

Ссылки

https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/src/API.php#L386
Product
Technical Description
https://www.wordfence.com/threat-intel/vulnerabilities/id/dcb33d02-d384-4dff-91e1-c49e86b97d6e?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flynax:flynax_bridge:*:*:*:*:*:wordpress:*:*

Версия до 2.2.0 (включая)

EPSS

Процентиль: 32%

0.00119

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-25rc-v26v-6w83

CVSS3: 5.3

github

6 месяцев назад

The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users.

EPSS

Процентиль: 32%

0.00119

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862