WordPress Plugin Vulnerabilities

Branda – White Label & Branding, Free Login Page Customizer < 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover

Description

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Affects Plugins

Plugin icon
branda-white-labeling
Fixed in 3.4.29

References

CVE
CVE-2025-14998
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Drew Webber (mcdruid)
Verified
No
WPVDB ID
f6b0ef89-0a08-47dd-af42-d69603049723

Timeline

Publicly Published
2026-01-01 (about 4 months ago)
Added
2026-01-01 (about 4 months ago)
Last Updated
2026-01-02 (about 4 months ago)

Other

Published
Title
Published
2024-12-02
Title
Client Invoicing by Sprout Invoices < 20.8.1 - Insecure Direct Object Reference
Published
2026-02-17
Title
Frontend User Notes < 2.1.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification
Published
2026-04-07
Title
Blog2Social: Social Media Auto Post & Scheduler < 8.8.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter
Published
2026-02-18
Title
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure
Published
2024-04-22
Title
BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR