Brave Conversion Engine (PRO) Authentication Bypass Vulnerability Allowing Impersonation of Users Including Administrators

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Brave Conversion Engine (PRO) plugin for WordPress, affecting all versions through 0.7.7. The issue arises because the plugin fails to properly validate a claimed identity during Facebook authentication. This flaw enables unauthenticated attackers to log in as other users, including those with administrative privileges.
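
The advisory does not publish the plugin's code. As an added example (not code from the plugin or its vendor), the PHP below shows the kind of server-side check whose absence this class of bug describes: the identity sent by the browser is accepted only if it matches the owner of a token that Facebook confirms was issued to this site's app. It assumes the field names of the Graph API `debug_token` response; the function names, ids and timestamps are hypothetical or constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; all sample values below are constructed.

/**
 * Return the Facebook user id proven by the token, or null to refuse the login.
 * $inspection  decoded "data" object of a debug_token response fetched server-side
 * $claimedFbId identity sent by the browser (untrusted input)
 */
function verified_facebook_id(array $inspection, string $claimedFbId, string $ourAppId, int $now): ?string
{
    if (($inspection['is_valid'] ?? false) !== true) {
        return null;                            // Facebook does not vouch for this token
    }
    if (!hash_equals($ourAppId, (string) ($inspection['app_id'] ?? ''))) {
        return null;                            // token was issued to a different app
    }
    $expires = (int) ($inspection['expires_at'] ?? -1);
    if ($expires !== 0 && $expires <= $now) {   // assumption: 0 means "no expiry"
        return null;
    }
    $tokenFbId = (string) ($inspection['user_id'] ?? '');
    if ($tokenFbId === '' || !hash_equals($tokenFbId, $claimedFbId)) {
        return null;                            // claimed identity is not the token's owner
    }
    return $tokenFbId;
}

/** Map a verified Facebook id to a local account through a stored link, never a client-supplied email. */
function local_user_for(?string $fbId, array $links): ?int
{
    return ($fbId !== null && isset($links[$fbId])) ? $links[$fbId] : null;
}

// Constructed sample data: two linked accounts, local id 1 being the administrator.
$appId = '111111111111111';
$now   = 1754137080;
$links = ['900000000000001' => 7, '900000000000002' => 1];
$token = ['is_valid' => true, 'app_id' => $appId, 'expires_at' => $now + 3600, 'user_id' => '900000000000001'];

// Claim matches the token's owner: resolves to local user 7.
var_dump(local_user_for(verified_facebook_id($token, '900000000000001', $appId, $now), $links));
// Claim names the administrator's linked id, token belongs to someone else: refused.
var_dump(local_user_for(verified_facebook_id($token, '900000000000002', $appId, $now), $links));
// Token minted for another app: refused even though the ids match.
$foreign = ['app_id' => '222222222222222'] + $token;
var_dump(local_user_for(verified_facebook_id($foreign, '900000000000001', $appId, $now), $links));
```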

Impact

Exploitation of this vulnerability allows unauthenticated attackers to bypass authentication mechanisms and log in as other users, potentially including administrators, thereby gaining unauthorized access to user accounts and associated privileges.

Remediation

Users are advised to update the Brave Conversion Engine (PRO) plugin to version 0.8.0 or a newer patched version.

Added: Aug 2, 2025, 12:18 PM
Updated: Aug 2, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.