Brizy Page Builder, a popular WordPress plugin known as one of the best website builders for non-techies, has known vulnerabilities, which could lead to the potential compromise of thousands of WordPress websites.
Researchers at security firm Wordfence stumbled upon the Brizy Page Builder vulnerabilities during a routine review of its firewall rules. The company discovered a new vulnerability as well as two previously patched access-control vulnerabilities that had been reintroduced into the plugin.
The first vulnerability could lead to complete site takeover: any logged-in user could modify any published post and add malicious JavaScript to it.
“While the Brizy – Page Builder plugin does not offer a direct way for lower-privileged users such as contributors to add JavaScript to page content, it was possible for a lower-privileged user to modify a request sent to update a page via the brizy_update_item AJAX action by adding JavaScript to the data parameter. The added JavaScript would then be executed if the post was viewed or previewed by another user, such as an administrator,” said Wordfence in a blog post.
The other flaw could allow any logged-in user to upload potentially executable files and achieve remote code execution.
The Page Builder plugin did not appear to be under attack, according to Wordfence.
The high-severity issue stems from a lack of proper authorization checks in the plugin. “Unfortunately, due to a logic flaw, being logged in and accessing any endpoint in the wp-admin directory was sufficient to pass this check due to the use of the is_admin() function for authorization checking,” said Wordfence in a blog post.
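The following is an added illustration of the authorization mistake Wordfence describes; it is not Brizy's code and not from Wordfence's write-up. In WordPress, is_admin() only reports whether the request targets the admin area (which includes admin-ajax.php, the endpoint AJAX actions run through), so it passes for any authenticated user and says nothing about what that user may edit. The function and nonce names below (example_update_item_insecure, example_update_item_secure, example_nonce) are assumed for the illustration; the WordPress API calls are real.

```php
<?php
// Added illustration (not Brizy's code): is_admin() is a context check, not an
// authorization check. Any logged-in user can reach admin-ajax.php, so a
// handler gated only on is_admin() lets every account update every post.

// Vulnerable pattern: is_admin() is the only gate before the update.
function example_update_item_insecure() {
    if ( ! is_admin() ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $post_id = isset( $_POST['post'] ) ? (int) $_POST['post'] : 0;
    $data    = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    // Any authenticated user reaches this point; the content is stored unfiltered,
    // so markup the user is not allowed to publish ends up in the post.
    wp_update_post( array( 'ID' => $post_id, 'post_content' => $data ) );
    wp_send_json_success();
}

// Hardened pattern: verify the request nonce, check the capability for the
// specific post, and filter the markup according to the caller's privileges.
function example_update_item_secure() {
    // 'example_nonce' is an assumed action name for this illustration.
    check_ajax_referer( 'example_nonce', 'nonce' );

    $post_id = isset( $_POST['post'] ) ? absint( $_POST['post'] ) : 0;
    // edit_post is a meta capability resolved per post: a contributor may edit
    // their own drafts but not someone else's published page.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $data = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    // Users without unfiltered_html (contributors, authors on most sites) have
    // script tags and event-handler attributes stripped by the post allow-list.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $data = wp_kses_post( $data );
    }

    $result = wp_update_post(
        array( 'ID' => $post_id, 'post_content' => $data ),
        true // return a WP_Error instead of 0 on failure
    );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'post' => $post_id ) );
}

// Registered for logged-in users only; the nopriv variant is deliberately absent.
add_action( 'wp_ajax_example_update_item', 'example_update_item_secure' );
```

The two checks that matter are current_user_can( 'edit_post', $post_id ), which ties the decision to the particular post being changed rather than to where the request arrived, and the unfiltered_html test, which is what keeps a lower-privileged account from storing JavaScript that later runs in an administrator's browser.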
An older access-control bug (CVE-2021-3835) was patched in June but reintroduced in version 1.0.17 this year.
It is recommended to update to the latest version of Brizy Page Builder (2.3.17) as soon as possible.