CVE-2025-14998 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plug…
Critical CVSS: 9.8

CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Vendor
-
Product
-
CWE
CWE-639
Yayın Tarihi
2026-01-02 03:15:50
Güncelleme
2026-01-02 16:45:26
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-639 CRITICAL 2026

Referanslar

https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24 https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749 https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve