28 matches found
CVE-2025-14998
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Branda versions <= 3.4.24...
CVE-2025-14998
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-14998 Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-14998
The Branda plugin for WordPress is affected by CVE-2025-14998: versions through 3.4.24 are vulnerable to unauthenticated privilege escalation via account takeover because the plugin does not properly validate a user’s identity before updating passwords. This allows an attacker to change arbitrary...
VulnCheck KEV: CVE-2025-14998
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
WordPress plugin Branda security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2026-1041
Name of the Vulnerable Software and Affected Versions Branda plugin for WordPress versions through 3.4.24 Description The Branda plugin for WordPress is susceptible to privilege escalation through account takeover. This occurs because the plugin does not correctly verify a user’s identity before...
EUVD-2024-47627
Malicious code in bioql PyPI...
EUVD-2024-46434
Malicious code in bioql PyPI...
EUVD-2024-50306
Malicious code in bioql PyPI...
CVE-2024-9371
The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated...
CVE-2024-6554
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due to the plugin utilizing composer without preventing direct access to the files. This makes it possible for...
WordPress Branda – White Label & Branding, Custom Login Page Customizer plugin <= 3.4.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Branda versions = 3.4.21...
CVE-2024-9371
The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated...
PT-2024-39599 · WordPress · Branda – White Label & Branding
Name of the Vulnerable Software and Affected Versions: The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress versions up to, and including, 3.4.19 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove_query_arg without...
CVE-2024-37239 WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17...
CVE-2024-6554
The CVE-2024-6554 entry for Branda – White Label WordPress, Custom Login Page Customizer indicates a Full Path Disclosure vulnerability in all versions up to 3.4.18. The root cause is the plugin using composer without preventing direct access to its files, enabling unauthenticated attackers to re...
WordPress Branda Plugin <= 3.4.18 is vulnerable to Full Path Disclosure (FPD)
Software: Branda; Type: Plugin; Vulnerable versions: <= 3.4.18; Fixed in: 3.4.19; OWASP Top 10: A5: Security Misconfiguration; Classification: Full Path Disclosure (FPD); CVE: CVE-2024-6554; Patch priority: Low; CVSS severity: Low (5.3); Developer: WPMU DEV; PSID: 85b623e615a7; Credits: stealthcopter; Required privilege...
WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Fulan Engineering Patchstack Alliance in WordPress Plugin Branda versions <= 3.4.17...