CVE-2025-14998

CRITICAL EXPLOITED

Branda WordPress <3.4.24 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2025-14998 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including KTN1990.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated privilege escalation vulnerability in the WordPress Branda plugin (versions up to 3.4.24) by exploiting improper password validation, allowing attackers to reset any user's password, including administrators.

Description

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Exploits (1)

nomisec WORKING POC 1 stars

by KTN1990 · remote

https://github.com/KTN1990/CVE-2025-14998

View Code ZIP pw:eip

This PoC demonstrates an unauthenticated privilege escalation vulnerability in the WordPress Branda plugin (versions up to 3.4.24) by exploiting improper password validation, allowing attackers to reset any user's password, including administrators.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WordPress Branda plugin <= 3.4.24

No auth needed

Prerequisites: Access to the WordPress login page · Knowledge of a valid username (e.g., 'admin')

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product

https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749

Product

https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve

Scores

CVSS v3 9.8

EPSS 0.0007

EPSS Percentile 22.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-01-02

CWE

CWE-639

Status published

Products (1)

wpmudev/Branda – White Label & Branding, Free Login Page Customizer < 3.4.24

Published Jan 02, 2026

Tracked Since Feb 18, 2026