Brizy Page Builder WordPress Plugin Limited File Upload Vulnerability

Vulnerability

A vulnerability allowing limited file uploads has been identified in the Brizy Page Builder plugin for WordPress, affecting all versions through 2.6.20. The issue arises from missing authorization in the 'process_external_asset_urls' function and inadequate path validation in the 'store_file' function. This flaw enables unauthenticated attackers to upload .TXT files to the server of the affected site.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads, which could be leveraged for various malicious purposes, such as executing scripts or causing a denial-of-service.

Remediation

Users are advised to update the Brizy Page Builder plugin to version 2.6.21 or a newer patched version.
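To confirm which installs still need the update, the following added example (not part of the original advisory or the plugin's code) reads the standard WordPress plugin header from each plugin's PHP files and flags any Brizy copy below 2.6.21. The function names, the name_match parameter, and the sample directory layout are assumptions made for illustration.

```python
import re, tempfile
from pathlib import Path

FIXED = (2, 6, 21)  # first patched release named in the advisory

def header_field(text, field):
    """Return one WordPress plugin header field (e.g. 'Version'), or None."""
    pattern = r"^[ \t/*#@]*" + re.escape(field) + r":[ \t]*(.+?)\s*$"
    m = re.search(pattern, text, re.M | re.I)
    return m.group(1) if m else None

def parse_version(version):
    """'2.6.20' -> (2, 6, 20); a suffix such as '-beta1' is ignored."""
    parts = [int(p) for p in re.findall(r"\d+", version.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True for every release up to and including 2.6.20."""
    return parse_version(version) < FIXED

def audit(plugins_dir, name_match="brizy"):
    """List (file, version, affected) for plugins whose header name matches."""
    found = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself only reads the first 8 KB when looking for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        name, version = header_field(head, "Plugin Name"), header_field(head, "Version")
        if name and version and name_match in name.lower():
            found.append((str(php), version, is_affected(version)))
    return found

if __name__ == "__main__":
    # Constructed sample tree standing in for wp-content/plugins (assumption).
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in (("brizy-old", "2.6.20"), ("brizy-new", "2.6.21")):
            d = Path(root, folder); d.mkdir()
            d.joinpath("main.php").write_text(
                f"<?php\n/**\n * Plugin Name: Brizy\n * Version: {ver}\n */\n")
        for path, ver, bad in audit(root):
            print(f"{'UPDATE' if bad else 'ok':6} {ver:8} {path}")
```

Point audit() at the real plugins directory of each site; matching is done on the header's plugin name, so the check does not depend on the folder name.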

Added: Jul 29, 2025, 5:34 AM
Updated: Jul 29, 2025, 5:34 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.0
exploitability: 8.2
remediation: 7.7
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.