WordPress Plugin Vulnerabilities

Bridge Core < 3.3.1 - Missing Authorization

Description

The Bridge Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
bridge-core
Fixed in 3.3.1

References

CVE
CVE-2025-24744
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb5a65a-313f-44b3-9a79-7fae1207e8e2

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ananda Dhakal
Verified
No
WPVDB ID
ce5326ee-dcb8-4ff4-9675-5d38d74e5df3

Timeline

Publicly Published
2025-01-24 (about 1 year ago)
Added
2025-01-28 (about 1 year ago)
Last Updated
2025-01-28 (about 1 year ago)

Other

Published
Title
Published
2026-01-23
Title
UPI QR Code Payment Gateway for WooCommerce < 1.6.1 - Missing Authorization
Published
2024-02-26
Title
Comments Extra Fields For Post,Pages and CPT < 5.1 - Missing Authorization
Published
2025-08-11
Title
B Slider- Gutenberg Slider Block for WP < 2.0.0 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation
Published
2024-01-10
Title
EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update
Published
2025-08-03
Title
Wikipedia Preview < 1.16.0 - Missing Authorization