The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-10-14T15:56:46.370148Z
Updated: 2024-09-17T00:17:30.107Z
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-38344
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-14T16:15:09.187
Modified: 2024-11-21T06:16:51.557
Link: CVE-2021-38344
Redhat
No data.