CVE-2025-7710

Critical CVSS: 9.8

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.

Vendor

Product

CWE

CWE-288

Yayın Tarihi

2025-08-02 12:15:28

Güncelleme

2025-08-04 15:06:15

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-288 CRITICAL 2025

Referanslar

https://getbrave.io/brave-pro-changelog/ https://www.wordfence.com/threat-intel/vulnerabilities/id/604249c6-b23a-40e9-984d-2014f5c97249?source=cve