Skip to main content

Brizy

22 CVEs product

Monthly

CVE-2026-32408 MEDIUM This Month

Brizy through version 2.7.23 contains a missing authorization flaw that allows authenticated users to access resources or perform actions beyond their assigned permissions due to improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to view sensitive information from other users or accounts. No patch is currently available for this issue.

Authentication Bypass Brizy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-10322 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Brizy
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10960 CRITICAL PATCH Act Now

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Brizy
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2024-6254 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress XSS CSRF Brizy
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3242 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP RCE WordPress File Upload Brizy
NVD
CVSS 3.1
8.8
EPSS
6.6%
CVE-2024-1937 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Brizy
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-1164 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3667 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-2087 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-1940 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1161 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Brizy
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3711 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Brizy
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1311 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Brizy
NVD VulDB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2024-1296 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1293 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1291 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1165 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Brizy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-51396 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS.4.29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brizy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-36714 HIGH POC This Week

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-2897 LOW PATCH Monitor

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure WordPress Brizy
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2022-2041 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2040 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
EPSS 0% CVSS 4.3
MEDIUM This Month

Brizy through version 2.7.23 contains a missing authorization flaw that allows authenticated users to access resources or perform actions beyond their assigned permissions due to improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to view sensitive information from other users or accounts. No patch is currently available for this issue.

Authentication Bypass Brizy
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Brizy
NVD
EPSS 4% CVSS 9.9
CRITICAL PATCH Act Now

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress XSS CSRF +1
NVD
EPSS 7% CVSS 8.8
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP RCE WordPress +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Brizy
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Brizy
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Brizy
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Brizy
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS.4.29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brizy
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Brizy
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure WordPress Brizy
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy