CVE-2025-14998
Privilege Escalation in Branda WordPress Plugin via Password Reset
Publication date: 2026-01-02
Last updated on: 2026-01-02
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| branda | branda | up to and including 3.4.24 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Branda WordPress plugin allows unauthenticated attackers to escalate privileges by taking over user accounts. This happens because the plugin does not properly verify a user's identity before allowing a password update. As a result, attackers can change any user's password, including administrators, and gain access to their accounts.
How can this vulnerability impact me?
This vulnerability can have severe impacts, including unauthorized access to user accounts, especially administrator accounts. Attackers can change passwords without authentication, leading to full control over the affected WordPress site. This can result in data breaches, site defacement, loss of data integrity, and potential further exploitation of the compromised site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with checking whether the installed Branda plugin version is 3.4.24 or earlier, since those versions are affected. Because the flaw lets unauthenticated attackers change arbitrary user passwords through missing validation, monitoring for unusual password change requests or unauthorized REST API calls related to user password updates can help surface exploitation attempts. The cited resources do not give specific commands, but you can audit your WordPress installation for the plugin version and review web server logs for suspicious POST requests to password update endpoints. Additionally, inspecting the signup metadata for weakly encrypted passwords could indicate exploitation. [3]
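A version audit of the kind the answer above describes, as an added example that is not part of the advisory or of the Branda project: it assumes the standard WordPress plugin header format (`Plugin Name:` and `Version:` lines in the plugin's main PHP file) and the usual `wp-content/plugins/<slug>/` layout, and compares the installed version numerically against 3.4.24, the last affected release named on this page.

```python
"""Audit a WordPress install for a Branda version affected by CVE-2025-14998.

Added example (not from the advisory). Assumes the standard WordPress plugin
header format ("Plugin Name:" / "Version:" in the plugin's main PHP file) and a
plugins directory laid out as wp-content/plugins/<slug>/<file>.php.
"""
import re
from pathlib import Path

LAST_AFFECTED = "3.4.24"  # from the advisory: affected up to and including 3.4.24
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)


def parse_version(ver: str) -> tuple:
    """Turn '3.4.24' into (3, 4, 24) so comparisons are numeric, not lexical."""
    return tuple(int(p) for p in re.findall(r"\d+", ver))


def is_affected(version: str) -> bool:
    """True when the installed version is at or below the last affected release."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def read_plugin_header(php_source: str) -> dict:
    """Extract the header fields WordPress itself reads from the main plugin file."""
    return {key: value for key, value in HEADER_RE.findall(php_source)}


def audit_plugins_dir(plugins_dir: Path) -> list:
    """Return (path, version, affected) for every plugin whose name contains 'Branda'."""
    findings = []
    for php in plugins_dir.glob("*/*.php"):
        hdr = read_plugin_header(php.read_text(errors="ignore"))
        if "branda" in hdr.get("Plugin Name", "").lower() and "Version" in hdr:
            findings.append((str(php), hdr["Version"], is_affected(hdr["Version"])))
    return findings


# Constructed sample header in the WordPress plugin header shape (values made up).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Branda
 * Version: 3.4.24
 */
"""

if __name__ == "__main__":
    hdr = read_plugin_header(SAMPLE_HEADER)
    print(hdr["Plugin Name"], hdr["Version"], "AFFECTED" if is_affected(hdr["Version"]) else "ok")
    for path, ver, bad in audit_plugins_dir(Path("wp-content/plugins")):
        print(f"{path}: {ver} -> {'AFFECTED' if bad else 'ok'}")
```

Run it from the WordPress document root; a numeric comparison matters because a lexical one would rank 3.4.9 above 3.4.24 and miss an affected install.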
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Branda plugin to a version later than 3.4.24 where the vulnerability is fixed. If an update is not immediately possible, restrict access to the WordPress REST API endpoints related to user password changes and monitor for suspicious activity. Additionally, review and harden user password handling and authentication processes. Since the vulnerability allows unauthenticated attackers to change passwords, limiting exposure by disabling or restricting the plugin until patched is advisable. [3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to change arbitrary users' passwords, including administrators, leading to unauthorized access to accounts. Such unauthorized access and potential data breaches could result in non-compliance with standards like GDPR and HIPAA, which require protection of user data and access controls. However, specific impacts on compliance are not detailed in the provided resources. [3]