CVE Vulnerabilities

CVE-2025-7710

Authentication Bypass Using an Alternate Path or Channel

Published: Aug 02, 2025 | Modified: Aug 02, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Potential Mitigations

References