VYPR

Branda White Labeling

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-14998CriJan 2, 2026
    risk 0.57cvss 9.8epss 0.01

    The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for…

  • CVE-2024-9371MedNov 21, 2024
    risk 0.40cvss 6.1epss 0.01

    The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it…

  • CVE-2023-51542MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14.

  • CVE-2026-11551Jun 19, 2026
    risk 0.00cvss epss 0.01

    The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for…