Brizy Security Vulnerabilities and Issues — Brizy CVE List

Lucene search

BrizyBrizy

6 matches found

CVE•added 2025/02/12 1:15 p.m.•86 views

CVE-2024-10322

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

6.4CVSS5.7AI score0.00026EPSS

CVE•added 2025/04/09 8:15 p.m.•51 views

CVE-2025-26901

Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.

8.8CVSS4.7AI score0.00075EPSS

CVE•added 2025/01/21 2:15 p.m.•42 views

CVE-2025-22763

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.

7.1CVSS6.9AI score0.00037EPSS

CVE•added 2025/04/09 8:15 p.m.•41 views

CVE-2025-26902

Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.

8.8CVSS4.7AI score0.00029EPSS

CVE•added 2025/04/10 8:15 a.m.•39 views

CVE-2025-32198

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14.

6.5CVSS6.9AI score0.00052EPSS

CVE•added 2025/02/12 12:15 p.m.•38 views

CVE-2024-10960

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to uploa...

9.9CVSS9.7AI score0.00337EPSS