1 vulnerability across 1 product scored HIGH or above on June 20, 2026.
- ๐ HIGH: 1
๐ [HIGH] wpmudev/branda_โwhite_label&_branding,_free_login_page_customizer
1 CVE | CVSS 3.1: 9.8 | AAS 11.6
cpe:2.3:a:wpmudev:branda_white_label_branding_free_login_page_customizer:*:*:*:*:*:*:*:*(< 3.4.30)
WPMU DEV Branda โ White Label & Branding plugin for WordPress, versions up to and including 3.4.29, contains a critical privilege escalation vulnerability (CVE-2026-11551, CVSS 9.8) that allows unauthenticated attackers to reset any user’s password, including administrator accounts, due to insufficient identity validation during password changes. A proof-of-concept exploit is publicly available, making active exploitation highly likely. WordPress site administrators using Branda should update to a patched version immediately or deactivate the plugin until a fix is applied, and review admin account activity for signs of unauthorized access.
- ๐ CVE-2026-11551 (CVSS 3.1: 9.8)