CVE-2025-7710
BaseFortify
Publication date: 2025-08-02
Last updated on: 2025-08-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brave | conversion_engine | 0.7.7 |
| brave | conversion_engine | 0.8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7710 is a critical authentication bypass vulnerability in the Brave Conversion Engine (PRO) WordPress plugin. The issue arises because the plugin does not properly restrict a claimed identity when authenticating users via Facebook social login. This flaw allows unauthenticated attackers to log in as other users, including administrators, without valid credentials. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts, as it allows attackers to bypass authentication and gain unauthorized access to user accounts, including administrator accounts. This can lead to full site compromise, data theft, unauthorized changes, and potential disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying the version of the Brave Conversion Engine (PRO) plugin installed on your WordPress site. Versions up to and including 0.7.7 are vulnerable. You can check the plugin version via WordPress admin dashboard or by running commands on your server such as: `wp plugin list | grep brave-conversion-engine` (if WP-CLI is installed) or by inspecting the plugin's version in the plugin files. Additionally, monitoring authentication logs for suspicious login attempts or unexpected administrator logins may help detect exploitation attempts. There are no specific network commands provided for direct detection of the authentication bypass. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Brave Conversion Engine (PRO) plugin to version 0.8.0 or later, as this version contains the fix for CVE-2025-7710. Until the update is applied, consider disabling the Facebook social login feature to prevent exploitation. Additionally, monitor user accounts for unauthorized access and review authentication logs. Applying general WordPress security best practices, such as strong passwords and limiting administrator access, can also help reduce risk. [1]