CVE-2022-2040 – Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL
https://notcve.org/view.php?id=CVE-2022-2040
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape the URL of some elements, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
• https://wpscan.com/vulnerability/ab53a70c-57d5-400f-b11f-b1b7b2b0cf01
• https://www.fortiguard.com/zeroday/FG-VD-21-111
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38344 – Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38344
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
• https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38346 – Brizy <= 2.3.11 Authenticated Unrestricted File Upload and Path Traversal
https://notcve.org/view.php?id=CVE-2021-38346
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.
• https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-38345 – Brizy <= 1.0.125 and 1.0.127 – 2.3.11 Incorrect authorization checks allowing Post modification
https://notcve.org/view.php?id=CVE-2021-38345
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
• https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-863: Incorrect Authorization
CVE-2020-36714 – Brizy < 1.0.126 - Authorization Bypass to Settings Updates
https://notcve.org/view.php?id=CVE-2020-36714
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.
• https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities
• https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve
• CWE-285: Improper Authorization
• CWE-863: Incorrect Authorization