Missing Authorization in Bridge Core Plugin by NotFound
CVE-2025-24744

4.3MEDIUM

Key Information:

Vendor: Notfound
Status: Bridge Core
Vendor: CVE Published:; 27 January 2025

Summary

The NotFound Bridge Core plugin is susceptible to a missing authorization vulnerability, exposing users to potential unauthorized actions within the application. This flaw allows attackers to bypass access controls, potentially leading to undesirable changes or data exposure. The issue exists in Bridge Core across versions from n/a through 3.3, making it imperative for users to implement proper security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Bridge Core <= 3.3

References

https://patchstack.com/database/wordpress/plugin/bridge-c...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Ananda Dhakal (Patchstack)