The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-14T15:56:51.848077Z

Updated: 2024-09-17T00:05:36.560Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38345

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-14T16:15:09.257

Modified: 2024-11-21T06:16:51.703

Link: CVE-2021-38345

cve-icon Redhat

No data.