The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-14T15:56:46.370148Z

Updated: 2024-09-17T00:17:30.107Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38344

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-14T16:15:09.187

Modified: 2024-11-21T06:16:51.557

Link: CVE-2021-38344

cve-icon Redhat

No data.