CVE-2026-11551
🟠 Patch this week
The Branda plugin for WordPress allows privilege escalation via account takeover.
| Field | Value |
|---|---|
| CVSS | 9.8 |
| EPSS | 0.6% |
| Exploit | none |
| Vendor | |
Source description (NVD)
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators, and leverage that to gain access to their account.
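The following is an added illustration of the class of bug NVD describes, written for this page; it is not Branda's code and not the content of the referenced changeset. The handler names, the nonce action string and the request field names are hypothetical; only the WordPress core functions (`get_user_by`, `wp_set_password`, `check_password_reset_key`, `wp_verify_nonce`, `wp_get_current_user`, `is_wp_error`) are real APIs. The vulnerable variant trusts a login name taken from the request and sets that account's password with no proof the caller owns it, which is exactly the unauthenticated arbitrary-password-change primitive the description names; the hardened variant binds the change to either a valid password-reset key for that login or an authenticated session for that same user.

```php
<?php
// Added example (not Branda's code). Hypothetical handlers showing the flaw
// pattern in the NVD text and one way to close it with WordPress core APIs.

// VULNERABLE PATTERN: the account identity comes from the request body and
// nothing proves the caller is that user. An unauthenticated attacker can
// submit user_login=<admin login> and any password and take the account over.
function hypothetical_update_password_vulnerable() {
    $login    = isset( $_POST['user_login'] ) ? sanitize_user( wp_unslash( $_POST['user_login'] ) ) : '';
    $password = isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '';

    $user = get_user_by( 'login', $login );
    if ( ! $user || '' === $password ) {
        return new WP_Error( 'invalid', 'Bad request.' );
    }

    // No identity check between "who is asking" and "whose password changes".
    wp_set_password( $password, $user->ID );
    return true;
}

// HARDENED PATTERN: require a proof of identity before touching the password.
// Accepted proofs: (a) a valid, unexpired reset key issued to this login
// (signup / forgotten-password flows), or (b) a logged-in session that belongs
// to the very same user, protected by a nonce for this action.
function hypothetical_update_password_hardened() {
    $login    = isset( $_POST['user_login'] ) ? sanitize_user( wp_unslash( $_POST['user_login'] ) ) : '';
    $password = isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '';
    $key      = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    $nonce    = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ) : '';

    if ( '' === $login || '' === $password ) {
        return new WP_Error( 'invalid', 'Bad request.' );
    }

    if ( '' !== $key ) {
        // (a) Reset-key flow: core compares the key against the stored, expiring
        // hash for exactly this login. Returns a WP_User on success, WP_Error otherwise.
        $user = check_password_reset_key( $key, $login );
        if ( is_wp_error( $user ) ) {
            return $user;
        }
    } else {
        // (b) Session flow: must be logged in, must hold a nonce for this action
        // ('hypothetical_change_password' is an invented action name), and may
        // only change the password of the account the session belongs to.
        if ( ! is_user_logged_in() || ! wp_verify_nonce( $nonce, 'hypothetical_change_password' ) ) {
            return new WP_Error( 'forbidden', 'Not allowed.' );
        }
        $user = wp_get_current_user();
        if ( 0 !== strcasecmp( $user->user_login, $login ) ) {
            return new WP_Error( 'forbidden', 'Not allowed.' );
        }
    }

    // Only reached with a proven identity. wp_set_password() also clears the
    // user's activation key, so a reset key cannot be replayed afterwards.
    wp_set_password( $password, $user->ID );
    return true;
}
```

When reviewing a plugin's password-update path for this bug class, the question to ask of every code path that reaches `wp_set_password()` (or a direct write to `user_pass`) is which earlier statement proved the caller controls the target account; if the answer is "the login or user ID in the request", the path is the vulnerable pattern above regardless of how well the inputs are sanitized.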
privilege-escalation
No patch recorded on this page. The Wordfence references below include a changeset to the affected file in the plugin's trunk, so check the plugin changelog for a release later than 3.4.29 before treating this as unpatched.
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.6% |
| Published (NVD) | 2026-06-20 00:16:15 UTC |
| Last modified (NVD) | 2026-06-23 03:16:40 UTC |
References
- https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.29/inc/modules/login-screen/signup-password.php#L232 (security@wordfence.com)
- https://plugins.trac.wordpress.org/changeset/3568291/branda-white-labeling/trunk/inc/modules/login-screen/signup-password.php (security@wordfence.com)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/56f13af3-71b6-42d4-9fda-a75778f32091?source=cve (security@wordfence.com)