Filtered by vendor Brizy
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38345 | 1 Brizy | 1 Brizy-page Builder | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | |||||
CVE-2022-2219 | 1 Brizy | 1 Unyson | 2022-07-29 | N/A | 7.2 HIGH |
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-2041 | 1 Brizy | 1 Brizy-page Builder | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-2040 | 1 Brizy | 1 Brizy-page Builder | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2021-38346 | 1 Brizy | 1 Brizy-page Builder | 2022-07-05 | 6.5 MEDIUM | 8.8 HIGH |
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. | |||||
CVE-2021-38344 | 1 Brizy | 1 Brizy-page Builder | 2022-07-05 | 3.5 LOW | 5.4 MEDIUM |
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. |