{"id":9572,"date":"2025-08-02T07:52:40","date_gmt":"2025-08-02T07:52:40","guid":{"rendered":"http:\/\/localhost\/?p=9572"},"modified":"2025-08-02T07:52:40","modified_gmt":"2025-08-02T07:52:40","slug":"brave-conversion-engine-pro-077-authentication-bypass-to-administrator","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9572","title":{"rendered":"Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nBrave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-02T11:23:55.098Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-02T11:23:55.098Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nBrave<\/td>\n<\/tr>\n
Product<\/th>\nBrave Conversion Engine (PRO)<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n9.8 (CRITICAL)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass, allowing attackers to log in as other users, including administrators, without proper authentication. This affects versions up to 0.7.7 due to improper restriction of Facebook authentication.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
AI Product<\/th>\nBrave Conversion Engine (PRO)<\/td>\n<\/tr>\n
AI Version<\/th>\n0.7.7<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n