CVE-2025-14998
Executive summary
A critical vulnerability has been identified in the Branda plugin for WordPress, which allows unauthenticated attackers to change the password of any user on an affected website, including administrators. Successful exploitation could lead to a complete site takeover, resulting in data theft, website defacement, or the distribution of malware. Immediate patching is required to mitigate this high-risk threat.
Vulnerability
The vulnerability exists because the password update functionality within the Branda plugin does not properly verify the identity of the user initiating the password change request. An unauthenticated attacker can send a specially crafted request to the vulnerable function, targeting a specific user account (e.g., by username or user ID) and providing a new password. The plugin processes this request without any authentication or authorization checks, overwriting the legitimate user's password and allowing the attacker to log in and take full control of the account.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a devastating impact on the business. An attacker who gains administrative access can steal sensitive customer or business data, inject malicious code, use the website for phishing campaigns, or completely destroy the site's content and backups. This can lead to significant financial loss, severe reputational damage, loss of customer trust, and potential legal or regulatory penalties for data breaches.
Remediation
Immediate Action: Immediately update the Branda plugin for WordPress to the latest version available from the vendor (any version after 3.4.24). After patching, review all user accounts, especially administrative accounts, for any unauthorized password changes or suspicious activity. Monitor access logs for any signs of exploitation attempts that may have occurred prior to the update.
Proactive Monitoring: Monitor web server and application logs for unusual or repeated POST requests to password update endpoints, particularly from unexpected IP addresses. Implement alerts for password changes on high-privilege accounts. Review WordPress audit logs for unexpected logins, user creations, or plugin modifications that could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, consider the following temporary measures:
- Deploy a Web Application Firewall (WAF) with rules specifically designed to block malicious requests targeting the vulnerable password change function.
- Temporarily disable the Branda plugin until it can be safely updated. Note that this may impact site functionality.
- Restrict access to the WordPress login and admin dashboard (/wp-admin/) to trusted IP addresses only.
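As an added illustration of the log monitoring recommended above (example code written for this page, not part of the advisory or of the Branda project), the following Python parses combined-format web server access logs, counts POST requests to a password-update endpoint per client IP, and flags untrusted or repeated sources. The endpoint pattern, the trusted IP set and the sample log lines are all assumptions, since the advisory does not name the vulnerable route.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" access-log format; referer and user agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# The advisory does not name the vulnerable route, so this is an assumed
# placeholder; replace it with the real Branda password-update endpoint.
ENDPOINT_RE = re.compile(r"PLACEHOLDER_password_update")

# Constructed sample lines (documentation IP ranges, placeholder endpoint).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2025:09:14:02 +0000] "POST /wp-admin/admin-ajax.php?action=PLACEHOLDER_password_update HTTP/1.1" 200 143 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2025:09:14:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2025:09:20:11 +0000] "POST /wp-admin/admin-ajax.php?action=PLACEHOLDER_password_update HTTP/1.1" 400 52 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2025:09:20:12 +0000] "POST /wp-admin/admin-ajax.php?action=PLACEHOLDER_password_update HTTP/1.1" 400 52 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2025:09:20:14 +0000] "POST /wp-admin/admin-ajax.php?action=PLACEHOLDER_password_update HTTP/1.1" 200 143 "-" "Mozilla/5.0"',
]


def password_update_posts(lines, endpoint_re=ENDPOINT_RE):
    """Per client IP: {"attempts": POSTs to the endpoint, "accepted": those with 2xx}."""
    hits = defaultdict(lambda: {"attempts": 0, "accepted": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not endpoint_re.search(m["path"]):
            continue
        hits[m["ip"]]["attempts"] += 1
        hits[m["ip"]]["accepted"] += m["status"].startswith("2")
    return dict(hits)


def flag_suspicious(hits, trusted_ips, threshold=3):
    """Return {ip: reason} for untrusted sources, repeated attempts, and any
    accepted request from an untrusted address, which on an unpatched site is
    exactly what a successful password overwrite looks like."""
    flagged = {}
    for ip, h in hits.items():
        reasons = []
        if ip not in trusted_ips:
            reasons.append("untrusted source")
            if h["accepted"]:
                reasons.append("accepted request")
        if h["attempts"] >= threshold:
            reasons.append("repeated attempts")
        if reasons:
            flagged[ip] = ", ".join(reasons)
    return flagged
```

An accepted request from an untrusted address should trigger the account review described under Immediate Action, not just an alert.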
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.8 and the potential for a complete system compromise by an unauthenticated attacker, this vulnerability represents an immediate and severe risk to the organization. We strongly recommend that all systems running the affected Branda plugin be patched with the highest priority. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime target for widespread exploitation. Organizations should assume they are being targeted and act immediately to apply the vendor-supplied update and investigate for any signs of compromise.