Lucene search

PRIOn knowledge basePRION:CVE-2020-36714

HistoryOct 20, 2023 - 8:15 a.m.

Authorization

2023-10-2008:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

brizy

plugin

vulnerability

authorization

bypass

capability check

is_administrator

ajax

nvd

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.

CPENameOperatorVersion
brizy-page_builderle1.0.125

CPE	Name	Operator	Version
	brizy-page_builder	le	1.0.125

References

blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/

www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve