Brevo < 3.3.1 – Unauthenticated Authorization Bypass via Type Juggling | CVE 2025-14799 | Plugin Vulnerabilities

Description

The plugin is vulnerable to authorization bypass due to type juggling due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.

Affects Plugins

Fixed in 3.3.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/f29e5b19-2505-4b02-92c7-071833de6bc2

Miscellaneous

Original Researcher

ISMAILSHADOW

Verified

No

WPVDB ID

6feaf968-7937-4919-9dde-8c5fa455e4e9

Timeline

Publicly Published

2026-02-17 (about 3 months ago)

Added

2026-02-18 (about 3 months ago)

Last Updated

2026-02-18 (about 3 months ago)

Other

Published

Title

Published

2021-06-07

Title

Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass

Published

2015-06-26

Title

Multiple Themes - Privilige Escalation

Published

2021-09-13

Title

WooCommerce Multi Currency < 2.1.18 - Authenticated Product Price Change

Published

2024-04-22

Title

Appointment Hour Booking < 1.4.57 - Captcha Bypass

Published

2025-07-24

Title

PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API