3 matches found
CVE-2024-1311
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload...
CVE-2024-1311
The Brizy – Page Builder plugin for WordPress (Brizy) has a vulnerability (CVE-2024-1311): arbitrary file upload due to missing file type validation in storeImages, affecting all versions up to 2.4.40. Exploitation would require authenticated access (Contributor+); could enable remote code execut...
WordPress Brizy Plugin <= 2.4.40 is vulnerable to Arbitrary File Upload
Software Brizy Type Plugin Vulnerable versions = 2.4.40 Fixed in 2.4.41 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1311 Patch priority Low CVSS severity Low 9.9 Developer Claim ownership PSID 24df97dffee9 Credits stealthcopter Required privilege Contributor...