Brizy Brizy

26 CVEs affecting Brizy Brizy. Latest disclosed: 2025-07-29. Critical: 1, High: 8.

Top CVEs affecting Brizy Brizy
CVESeverityScorePublishedSummary
CVE-2024-10960Critical9.92025-02-12The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all…
CVE-2024-3242High8.82024-07-18The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent func…
CVE-2024-1311High8.82024-03-13The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all ve…
CVE-2024-3667High7.42024-06-05The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, a…
CVE-2020-36714High7.42023-10-20The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to…
CVE-2024-2087High7.22024-06-05The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.4…
CVE-2025-22763High7.12025-01-21Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affec…
CVE-2024-1937High7.12024-07-16The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' functio…
CVE-2024-1940High7.12024-06-05The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to…
CVE-2025-32198Medium6.52025-04-10Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy brizy.This issue affects Brizy: from n…
CVE-2023-51396Medium6.52023-12-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issu…
CVE-2024-10322Medium6.42025-02-12The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including…
CVE-2024-1164Medium6.42024-06-05The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL…
CVE-2024-1161Medium6.42024-06-05The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to…
CVE-2024-1296Medium6.42024-03-13The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including…
CVE-2024-1293Medium6.42024-03-13The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and inclu…
CVE-2024-1291Medium6.42024-03-13The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including…
CVE-2022-2041Medium5.42022-06-27The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform…
CVE-2022-2040Medium5.42022-06-27The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Sto…
CVE-2025-4370Medium5.32025-07-29The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as wel…