CVE-2025-7710: 
WordPress vulnerability analysis and mitigation

The Brave Conversion Engine (PRO) plugin for WordPress contains an Authentication Bypass vulnerability (CVE-2025-7710) discovered in versions up to and including 0.7.7. The vulnerability was disclosed on August 1, 2025, and affects the plugin's Facebook authentication implementation (NVD CVE).

The vulnerability stems from improper restriction of claimed identity during Facebook authentication processes. This authentication bypass vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) (NVD CVE).

The vulnerability allows unauthenticated attackers to bypass authentication controls and log in as any user, including administrators. This could lead to complete compromise of WordPress sites running the affected plugin versions (NVD CVE).

The vulnerability was addressed in version 0.8.0 of the Brave Conversion Engine (PRO) plugin, released on July 28, 2025. Users are strongly advised to update to this version immediately (Brave Changelog).