The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in

链接： https://github.com/advisories/GHSA-j2v9-cq8f-8ch7

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-7710
https://getbrave.io/brave-pro-changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/604249c6-b23a-40e9-984d-2014f5c97249?source=cve
https://github.com/advisories/GHSA-j2v9-cq8f-8ch7

描述：

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.

安全公告

#Github Advisory

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in

http://example.com/2025/08/02/github_2644232895/

作者

lianccc

发布于

2025年8月2日

许可协议

NCR Command Center Agent Command Injection Vulnerability 上一篇

PHPCMS 2008 远程代码执行漏洞下一篇