PT-2025-31738 · WordPress · Brave Conversion Engine

Thái An

Published

2025-08-02

Updated

2025-08-03

CVE-2025-7710

Report an issue

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Brave Conversion Engine (PRO) plugin for WordPress versions through 0.7.7

Description:

The Brave Conversion Engine (PRO) plugin for WordPress is susceptible to authentication bypass due to improper restriction of a claimed identity during Facebook authentication. This allows unauthenticated attackers to log in as other users, including administrators.

Recommendations:

Update the Brave Conversion Engine (PRO) plugin to a version later than 0.7.7.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2025-7710

Affected Products

Brave Conversion Engine

PT-2025-31738 · WordPress · Brave Conversion Engine

Weakness Enumeration

Related Identifiers

Affected Products

References · 6