The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including those of administrators, and leverage that to reset the user's password and gain access to their account.

About

What Is It

A curated list of websites for cybersecurity. I'm a security enthusiast and love looking at websites/blogs about cybersecurity, especially offensive security. So I wanted to create something like a huge library.

Why Made It

Many people who visit this site probably think, "This is just a collection of links." That's right. The reason I made it is mainly for myself. There are so many sites out there that attract me, so it was unrealistic to list them all in my personal task management tool or add them all to my browser's bookmarks. In addition, I wanted to try new tools/frameworks such as Astro.js.

Disclaimer

Security Links essentially lists sites without permission from the site owner. If your site is listed here and you want it to be excluded, please contact me (see below). I'll exclude it immediately.

Contact Me

If you would like to issue or send a message, please email me at hdks.bug[at]gmail.com