PT-2026-1041 · WordPress · Branda

Drew Webber
Published: 2026-01-02
Updated: 2026-02-03

CVE-2025-14998
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Branda plugin for WordPress, versions through 3.4.24

Description: The Branda plugin for WordPress is susceptible to privilege escalation through account takeover. The plugin does not correctly verify a user's identity before allowing password updates, so unauthenticated attackers can change the password of any user, including administrators, and then log in to those accounts. In effect, the authentication checks that should guard a password reset can be bypassed.

Recommendations: Versions prior to 3.4.24 should be updated to version 3.4.24 or later.
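The weakness class described above, as an added illustration that is not the Branda plugin's code and makes no claim about how Branda is implemented: a hypothetical WordPress AJAX handler that changes a password for a caller-supplied user ID without verifying who is asking, placed beside a hardened handler that applies the checks a plugin needs before touching a password. All function and action names prefixed `example_` are invented for this illustration; the WordPress API calls (`check_ajax_referer`, `get_current_user_id`, `current_user_can`, `wp_check_password`, `wp_set_password`, `wp_send_json_error`) are real.

```php
<?php
/*
 * Illustrative example only (added here; NOT the Branda plugin's code).
 * The insecure handler shows the weakness class the advisory describes:
 * a password-update endpoint that trusts a caller-supplied user ID and
 * never verifies who is making the request. The hardened handler shows
 * the checks a WordPress plugin needs before changing a password.
 */

// --- Insecure pattern (hypothetical) ---------------------------------------
// Hooked for logged-out callers, and the target user comes straight from the
// request: any visitor can name any user_id, including an administrator's.
add_action( 'wp_ajax_nopriv_example_update_password', 'example_update_password_insecure' );
function example_update_password_insecure() {
    $user_id  = absint( $_POST['user_id'] ?? 0 );
    $password = (string) ( $_POST['password'] ?? '' );
    wp_set_password( $password, $user_id );   // no nonce, no login, no ownership check
    wp_send_json_success();
}

// --- Hardened pattern --------------------------------------------------------
// Only the wp_ajax_ hook (logged-in users); deliberately no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_update_password', 'example_update_password_secure' );
function example_update_password_secure() {
    // 1. CSRF protection: the request must carry a valid nonce for this action.
    check_ajax_referer( 'example_update_password', 'nonce' );

    // 2. Identity: the caller must be an authenticated user.
    $current_id = get_current_user_id();
    if ( 0 === $current_id ) {
        wp_send_json_error( 'Not logged in', 401 );
    }

    // 3. Authorisation: the target is the caller, or the caller may edit that user.
    $target_id = absint( $_POST['user_id'] ?? 0 );
    if ( $target_id !== $current_id && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    $user = get_userdata( $target_id );
    if ( ! $user ) {
        wp_send_json_error( 'Unknown user', 404 );
    }

    // 4. Re-authentication: a user changing their own password proves the old one.
    if ( $target_id === $current_id ) {
        $old = (string) ( $_POST['current_password'] ?? '' );
        if ( ! wp_check_password( $old, $user->user_pass, $user->ID ) ) {
            wp_send_json_error( 'Current password incorrect', 403 );
        }
    }

    // 5. Minimal policy before writing the new credential.
    $new = (string) ( $_POST['password'] ?? '' );
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'Password too short', 400 );
    }

    wp_set_password( $new, $target_id );
    wp_send_json_success();
}
```

The difference that matters is steps 2 and 3: the insecure handler lets the request body decide whose password changes, which is exactly the identity-verification gap the advisory describes. A genuine "forgot password" flow for logged-out users should not be built on a custom endpoint like this at all; it belongs on WordPress core's reset-key mechanism (`get_password_reset_key` / `check_password_reset_key`), which binds the reset to a secret delivered to the account's e-mail address.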

Fix · LPE · IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-14998

Affected Products: Branda