CVE-2025-7710: 
WordPress vulnerability analysis and mitigation

The Brave Conversion Engine (PRO) plugin for WordPress contains an Authentication Bypass vulnerability (CVE-2025-7710) affecting all versions up to and including 0.7.7. The vulnerability was discovered in August 2025 and involves improper restriction of claimed identity during Facebook authentication (NVD Database).

The vulnerability is classified with a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The technical nature of the vulnerability stems from improper authentication mechanisms when handling Facebook-based authentication, categorized under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) (NVD Database).

The vulnerability allows unauthenticated attackers to bypass authentication controls and log in as other users, including administrators. This presents a critical security risk as it enables unauthorized access to administrative functions and sensitive data within WordPress installations using the affected plugin (NVD Database).

Users should immediately update their Brave Conversion Engine (PRO) plugin to versions newer than 0.7.7. The vulnerability has been addressed in subsequent releases as indicated in the changelog (Brave Changelog).