Wpmudev Branda
By the Year
In 2026 there have been 2 vulnerabilities in Wpmudev Branda with an average score of 9.8 out of ten. Branda did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 9.80 |
| 2025 | 0 | 0.00 |
| 2024 | 5 | 5.93 |
It may take a day or so for new Branda vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Wpmudev Branda Security Vulnerabilities
Branda WP Plugin <3.4.29: Privilege Escalation via Password Change
CVE-2026-11551
9.8 - Critical
- June 19, 2026
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Weak Password Recovery Mechanism for Forgotten Password
Branda WP Plugin <=3.4.24 Privilege Escalation via Password Reset
CVE-2025-14998
9.8 - Critical
- January 02, 2026
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Insecure Direct Object Reference / IDOR
Branda WordPress Plugin: Reflected XSS Vulnerability in URL Handling
CVE-2024-9371
6.1 - Medium
- November 21, 2024
The Branda White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
XSS
WPMU DEV Branda Stored XSS <=3.4.17
CVE-2024-37239
5.9 - Medium
- July 22, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling. This issue affects Branda: from n/a through <= 3.4.17.
XSS
Branda WP Customizer v3.4.18 Full Path Disclosure (CVE-2024-6554)
CVE-2024-6554
5.3 - Medium
- July 11, 2024
The Branda White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due to the plugin utilizing Composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Information Disclosure
Branda Plugin 3.4.17 XSS via mime_types
CVE-2024-5191
6.4 - Medium
- June 21, 2024
The Branda White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mime_types parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Auth Bypass via Spoofing in WPMU DEV Branda (3.4.14)
CVE-2023-51542
- June 04, 2024
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Branda: from n/a through 3.4.14.
Authentication Bypass by Spoofing