cleantalk
Vulnerabilities and Security Researches

Branda – White Label WordPress, Custom Login Page Customizer, 9a641056befae7595b22b29a09aad031fbb42c46

CVE, Research URL

9a641056befae7595b22b29a09aad031fbb42c46

Home page URL

Security reports for Branda – White Label WordPress, Custom Login Page Customizer

Application

Branda – White Label WordPress, Custom Login Page Customizer

Published on
Mar 16, 2023
Research Description
Branda – White Label &amp; Branding, Free Login Page Customizer [branda-white-labeling] < 3.4.9 Branda – White Label WordPress <= 3.4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting The Branda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 3.4.9.
Status
vulnerable
Previous vulnerability researches
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2026-11551) , Jun 21, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2024-5191) , Jun 22, 2024
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2024-37239) , Jul 02, 2024
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2024-6554) , Jul 22, 2024
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2025-14998) , Jan 11, 2026
New vulnerability
Simple File List (CVE-2026-11911) , Jun 21, 2026
Simple File List (CVE-2026-12119) , Jun 21, 2026
Simple File List (CVE-2026-11912) , Jun 21, 2026
WP Hotel Booking (CVE-2026-9822) , Jun 21, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2026-11551) , Jun 21, 2026