Vulnerability CVE-2021-38345

Published: 2021-10-14

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.



(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))


Copyright 2021,


Back to Top