Description
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
Published: 2025-08-23
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass to Account Takeover
Action: Immediate Patch
AI Analysis

Impact

The Bravis User WordPress plugin allows unauthenticated attackers to bypass login authentication because the plugin fails to record a user session after processing a Facebook login callback. Based on the description, it is inferred that the attack vector is the publicly accessible Facebook login callback endpoint, which accepts the attacker‑supplied authentication data without proper session establishment. Once an attacker provides the email address of an existing administrative account, the callback accepts the authentication data and grants administrative privileges without enforcing a fresh session. This results in a full account takeover that could compromise site content, user data, and configuration.

Affected Systems

WordPress sites that have installed the Bravis User plugin version 1.0.1 or earlier are affected. The vulnerability is specific to the Bravis-Themes packaging of the Bravis User plugin and does not impact newer releases beyond 1.0.1.

Risk and Exploitability

The flaw has a CVSS score of 8.1, indicating high severity, but the EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, suggesting current exploitation likelihood is low. Nonetheless, the attack requires knowledge of an administrative email address and agreement to a social login, which can be obtained through phishing or data leaks. Once those prerequisites are met, an attacker can remotely gain full administrative control of the site.

Generated by OpenCVE AI on April 21, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Bravis User plugin to the latest release that addresses the authentication logic flaw.
  • If an upgrade cannot be performed immediately, disable the Facebook login feature or enforce a re‑authentication step before granting admin privileges.
  • Implement multi‑factor authentication for all administrative accounts and enforce strong, unique passwords to reduce the risk of credential compromise.

Generated by OpenCVE AI on April 21, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25633 The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
History

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email. The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
Title Bravis User <= 1.0.0 - Authentication Bypass to Account Takeover Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 24 Aug 2025 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Sat, 23 Aug 2025 07:00:00 +0000

Type Values Removed Values Added
Description The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
Title Bravis User <= 1.0.0 - Authentication Bypass to Account Takeover
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:21:17.089Z

Reserved: 2025-05-21T15:10:04.708Z

Link: CVE-2025-5060

cve-icon Vulnrichment

Updated: 2025-08-25T18:16:04.986Z

cve-icon NVD

Status : Deferred

Published: 2025-08-23T07:15:31.953

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-5060

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T03:30:26Z

Weaknesses