CVE-2024-1165
- EPSS 0.71%
- Veröffentlicht 26.02.2024 16:27:51
- Zuletzt bearbeitet 16.01.2025 14:48:55
The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files...
CVE-2023-51396
- EPSS 0.16%
- Veröffentlicht 29.12.2023 11:15:10
- Zuletzt bearbeitet 16.01.2025 15:08:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a through 2.4.29.
CVE-2020-36714
- EPSS 0.14%
- Veröffentlicht 20.10.2023 08:15:11
- Zuletzt bearbeitet 16.01.2025 15:08:00
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and in...
CVE-2023-2897
- EPSS 0.05%
- Veröffentlicht 09.06.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 07:59:31
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validatin...
CVE-2022-2040
- EPSS 0.18%
- Veröffentlicht 27.06.2022 09:15:10
- Zuletzt bearbeitet 16.01.2025 15:08:00
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2022-2041
- EPSS 0.2%
- Veröffentlicht 27.06.2022 09:15:10
- Zuletzt bearbeitet 16.01.2025 15:08:00
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks