Primary

Context

Bravis User WordPress Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Bravis User plugin for WordPress, affecting all versions through 1.0.0. The issue arises because the plugin fails to properly log in users with data verified through the facebook_ajax_login_callback. This flaw enables unauthenticated attackers to log in as administrative users, provided they have an existing account on the site and access to the administrative user's email.

Impact

Exploitation of this vulnerability allows for unauthorized login as an administrative user, potentially leading to full administrative privileges on the WordPress site.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: Aug 23, 2025, 7:18 AM

Updated: Aug 23, 2025, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bravis User WordPress Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating