Brave Conversion Engine (PRO)

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.

Basic Information

ID CVE-2025-7710

Source Wordfence

Published Aug 2, 2025 at 11:23

Modified Aug 4, 2025 at 13:23

Affected Product

Vendor Brave

Product Brave Conversion Engine (PRO)

Version *

Affected Versions Brave Brave Conversion Engine (PRO) *

CWE Classification

CWE-288

References

{
    "lastseen": "",
    "description": "The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.",
    "published": "2025-08-02T11:23:55.098Z",
    "modified": "2025-08-04T13:23:10.939Z",
    "type": "cve",
    "title": "Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/604249c6-b23a-40e9-984d-2014f5c97249?source=cve\nhttps://getbrave.io/brave-pro-changelog/",
    "id": "CVE-2025-7710",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Brave Brave Conversion Engine (PRO) *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Brave Conversion Engine (PRO)",
    "version": "*",
    "vendor": "Brave",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator_CVE-2025-7710