{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14998", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-20T15:01:44.895Z", "datePublished": "2026-01-02T01:48:20.495Z", "dateUpdated": "2026-04-08T17:15:21.481Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:21.481Z"}, "affected": [{"vendor": "wpmudev", "product": "Branda \u2013 White Label & Branding, Free Login Page Customizer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4.24", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "title": "Branda \u2013 White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24"}, {"url": "https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Drew Webber"}], "timeline": [{"time": "2025-12-20T15:17:14.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-01T13:29:04.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-05T20:33:41.996720Z", "id": "CVE-2025-14998", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:39:35.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14998", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-05T20:33:41.996720Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:33:42.800Z"}}], "cna": {"title": "Branda \u2013 White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Drew Webber"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wpmudev", "product": "Branda \u2013 White Label & Branding, Free Login Page Customizer", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.4.24"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-20T15:17:14.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-01T13:29:04.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24"}, {"url": "https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749"}], "descriptions": [{"lang": "en", "value": "The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-02T01:48:20.495Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14998", "state": "PUBLISHED", "dateUpdated": "2026-01-05T20:39:35.214Z", "dateReserved": "2025-12-20T15:01:44.895Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-02T01:48:20.495Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}, {"lang": "es", "value": "El plugin Branda para WordPress es vulnerable a escalada de privilegios mediante toma de control de cuenta en todas las versiones hasta la 3.4.24, inclusive. Esto se debe a que el plugin no valida correctamente la identidad de un usuario antes de actualizar su contrase\u00f1a. Esto hace posible que atacantes no autenticados cambien las contrase\u00f1as de usuarios arbitrarios, incluidos los administradores, y aprovechen eso para obtener acceso a su cuenta."}], "id": "CVE-2025-14998", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-02T03:15:50.940", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:37:48.577181+00:00", "value": {"mitigation_remediation": ["Upgrade the Branda plugin to a version newer than 3.4.24, if an update has been released.", "If an update cannot be applied immediately, temporarily disable or uninstall the Branda plugin and restore the site\u2019s default login pages.", "Block external requests to URLs that invoke the plugin\u2019s password\u2011reset actions\u2014such as /wp-admin/admin-ajax.php with relevant actions\u2014using a web\u2011application firewall or host\u2011based rules.", "Enable two\u2011factor authentication for all administrator accounts to mitigate the impact of a potential takeover."], "summary": {"action": "Patch", "impact": "Privilege Escalation via Unauthenticated Password Change"}, "threat_synthesis": {"affected_systems": "This vulnerability is present in every release of the Branda \u2013 White Label & Branding, Free Login Page Customizer plugin from wpmudev up to and including version 3.4.24.", "description_and_impact": "The Branda WordPress plugin allows a non\u2011authenticated attacker to change the passwords of any user on the site, including administrators, because it fails to verify the requester's identity before performing a password update. This flaw creates an account takeover vector that can be used to acquire full access to the site with the privileges of the chosen account.", "risk_and_exploitability": "The CVSS score of 9.8 classifies the flaw as critical, and the EPSS score of less than 1% indicates a very low current exploitation probability. The bug is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via the web interface, where an unauthenticated user can trigger the plugin\u2019s password\u2011reset logic through standard HTTP requests to public endpoints."}}}}, "created": "2026-01-05T10:14:19.669196+00:00", "updated": "2026-04-21T00:45:23.092827+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpmudev", "wpmudev$PRODUCT$branda"]}