VYPR

Brizy

by Brizy

Source repositories

CVEs (25)

  • CVE-2024-1165MedFeb 26, 2024
    risk 0.21cvss 4.3epss 0.01

    The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on…

  • CVE-2023-2897LowJun 9, 2023
    risk 0.17cvss 3.7epss 0.00

    The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses…

  • CVE-2024-10322Feb 12, 2025
    risk 0.00cvss epss 0.00

    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-10960Feb 12, 2025
    risk 0.00cvss epss 0.01

    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level…

  • CVE-2024-6254Aug 8, 2024
    risk 0.00cvss epss 0.00

    The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms…

Page 2 of 2