PT-2026-51041 · Wpmu Dev · Branda – White Label & Branding

Thevietronin

Published

2026-06-19

Updated

2026-06-20

CVE-2026-11551

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2026-11551

Affected Products

Branda – White Label & Branding

PT-2026-51041 · Wpmu Dev · Branda – White Label & Branding

CVE-2026-11551

Weakness Enumeration

Related Identifiers

Affected Products

References · 4