Brizy

Brizy

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-4370

  • EPSS 0.11%
  • Veröffentlicht 29.07.2025 04:23:46
  • Zuletzt bearbeitet 11.08.2025 19:04:09

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2...

5.4

CVE-2025-32198

  • EPSS 0.13%
  • Veröffentlicht 10.04.2025 08:15:17
  • Zuletzt bearbeitet 07.08.2025 18:43:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14.

8.8

CVE-2025-26902

  • EPSS 0.09%
  • Veröffentlicht 09.04.2025 19:30:15
  • Zuletzt bearbeitet 07.08.2025 18:48:07

Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.

8.8

CVE-2025-26901

  • EPSS 0.25%
  • Veröffentlicht 09.04.2025 19:28:10
  • Zuletzt bearbeitet 07.08.2025 18:09:33

Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.

5.4

CVE-2024-10322

  • EPSS 0.07%
  • Veröffentlicht 12.02.2025 13:15:07
  • Zuletzt bearbeitet 20.02.2025 20:40:34

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

8.8

CVE-2024-10960

  • EPSS 0.84%
  • Veröffentlicht 12.02.2025 12:15:28
  • Zuletzt bearbeitet 20.02.2025 16:26:54

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, ...

6.1

CVE-2025-22763

  • EPSS 0.13%
  • Veröffentlicht 21.01.2025 14:15:12
  • Zuletzt bearbeitet 08.08.2025 02:04:23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.

6.1

CVE-2024-6254

  • EPSS 0.21%
  • Veröffentlicht 08.08.2024 04:17:06
  • Zuletzt bearbeitet 01.03.2025 01:20:09

The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticate...

8.8

CVE-2024-3242

  • EPSS 6.63%
  • Veröffentlicht 18.07.2024 09:15:02
  • Zuletzt bearbeitet 16.01.2025 15:08:00

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it pos...

6.5

CVE-2024-1937

  • EPSS 0.16%
  • Veröffentlicht 16.07.2024 09:15:02
  • Zuletzt bearbeitet 16.01.2025 15:26:27

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated at...