3 matches found
CVE-2024-6554
The CVE-2024-6554 entry for Branda – White Label WordPress, Custom Login Page Customizer indicates a Full Path Disclosure vulnerability in all versions up to 3.4.18. The root cause is the plugin using composer without preventing direct access to its files, enabling unauthenticated attackers to re...
CVE-2024-37239
CVE-2024-37239 is a stored XSS in Branda (WordPress Branda plugin) up to version 3.4.17. The vulnerability arises from improper input neutralization during web page generation, enabling authenticated attackers to execute scripts. The connected sources note a patch was released; remediation is to ...
CVE-2024-5191
CVE-2024-5191 affects Branda – White Label WordPress, Custom Login Page Customizer for WordPress. It allows Stored XSS via the mime_types parameter in all versions up to 3.4.17, requiring authenticated access at Author level or higher. The impact is arbitrary script execution in pages viewed by u...