CVE-2025-4179

📊 7.3 HIGH⚡ 0.1%🎯 0 exploits

📅 Published May 2, 2025

📋 Status: Analyzed

The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability check on the registerUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to register new user accounts as authors.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	flynax	flynax bridge	≤ 2.2.0 Target SW: wordpress	Vulnerable	cpe:2.3:a:flynax:flynax_bridge::::::wordpress::*

📱

flynax / flynax bridge

Application

Vulnerable

Version: ≤ 2.2.0

Target SW: wordpress

CPE:

cpe:2.3:a:flynax:flynax_bridge:*:*:*:*:*:wordpress:*:*

Metrics

7.3 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

LOW

Availability:

LOW

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

7.3 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)35.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

May 2, 2025 (6 months ago)

Last Modified

May 6, 2025 (5 months ago)

Security Weaknesses2

CWE-862

References3

NVDadvisorygeneral