CVE Details
Basic Information
| Title | Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator |
|---|---|
| Type | cve |
| Published | 2025-08-02T11:23:55.098Z |
| Modified | 2025-08-02T11:23:55.098Z |
Product Information
| Vendor | Brave |
|---|---|
| Product | Brave Conversion Engine (PRO) |
| Version | * |
CVSS Information
| Base Score | 9.8 (CRITICAL) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass, allowing attackers to log in as other users, including administrators, without proper authentication. This affects versions up to 0.7.7 due to improper restriction of Facebook authentication. |
|---|---|
| AI Severity | Critical |
| AI Vendor | WordPress Community |
| AI Product | Brave Conversion Engine (PRO) |
| AI Version | 0.7.7 |
Affected Products
- Brave Brave Conversion Engine (PRO) *
Additional Information
| CWE List | CWE-288 |
|---|---|
| Source | Wordfence |
Description
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.