Themefusecom Brizy – Page Builder
21 CVEs affecting Themefusecom Brizy – Page Builder. Latest disclosed: 2026-05-02. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-10960 | Critical | 9.9 | 2025-02-12 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all… |
CVE-2024-3242 | High | 8.8 | 2024-07-18 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent func… |
CVE-2024-1311 | High | 8.8 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all ve… |
CVE-2024-3667 | High | 7.4 | 2024-06-05 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, a… |
CVE-2020-36714 | High | 7.4 | 2023-10-20 | The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to… |
CVE-2026-5324 | High | 7.2 | 2026-05-02 | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is… |
CVE-2024-2087 | High | 7.2 | 2024-06-05 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.4… |
CVE-2024-1937 | High | 7.1 | 2024-07-16 | The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' functio… |
CVE-2024-1940 | High | 7.1 | 2024-06-05 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to… |
CVE-2025-0969 | Medium | 6.5 | 2025-12-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users()… |
CVE-2024-10322 | Medium | 6.4 | 2025-02-12 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including… |
CVE-2024-1164 | Medium | 6.4 | 2024-06-05 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL… |
CVE-2024-1161 | Medium | 6.4 | 2024-06-05 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to… |
CVE-2024-1291 | Medium | 6.4 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including… |
CVE-2024-1293 | Medium | 6.4 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and inclu… |
CVE-2024-1296 | Medium | 6.4 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including… |
CVE-2025-4370 | Medium | 5.3 | 2025-07-29 | The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as wel… |
CVE-2024-6254 | Medium | 4.3 | 2024-08-08 | The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing o… |
CVE-2024-3711 | Medium | 4.3 | 2024-05-23 | The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_req… |
CVE-2024-1165 | Medium | 4.3 | 2024-02-24 | The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it pos… |