13 matches found
WordPress Brizy plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability discovered by RandomRoot in WordPress Plugin Brizy versions <= 2.4.43...
CVE-2024-1161
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2024-3242
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
WordPress Brizy – Page Builder plugin <= 2.4.43 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Multiple Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Brizy versions <= 2.4.43...
WordPress Brizy – Page Builder plugin <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form vulnerability
Unauthenticated Stored Cross-Site Scripting via Form vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions <= 2.4.43...
PT-2024-17136 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks due to insufficient input sanitization and output...
WordPress Brizy – Page Builder plugin <= 2.4.43 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Brizy versions <= 2.4.43...
CVE-2024-3711
CVE-2024-3711 affects the Brizy – Page Builder for WordPress. The flaw enables an unauthorized plugin settings update due to a missing capability check in the functions action_request_disable, action_change_template, and action_request_enable, in all versions up to and including 2.4.43. Consequen...
WordPress Brizy Plugin <= 2.4.43 is vulnerable to Broken Access Control
Software: Brizy | Type: Plugin | Vulnerable versions: <= 2.4.43 | Fixed in: 2.4.44 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-3711 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 6a9b9ee44fc3 | Credits: Lucio Sá | Required privilege: Contributo...
PT-2024-27305 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable. This...
Apache HTTP Server 2.4.32 < 2.4.44 mod_proxy_uwsgi Buffer Overflow Vulnerability - Windows
Apache HTTP Server is prone to a buffer overflow vulnerability in mod_proxy_uwsgi. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache 2.4.x < 2.4.43 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.43. It is, therefore, affected by multiple vulnerabilities: - An uninitialized value vulnerability exists in mod_proxy_ftp. (CVE-2020-1934) - An open redirect vulnerability exists in mod_rewrite...