CVE-2021-38345 - OpenCVE

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brizy	Brizy-page Builder

Configuration 1 [-]

OR	cpe:2.3:a:brizy:brizy-page_builder:::::wordpress:::*
	cpe:2.3:a:brizy:brizy-page_builder::::::::

No data.

References

Link	Providers
https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-14T15:56:51.848077Z

Updated: 2024-09-17T00:05:36.560Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38345

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-14T16:15:09.257

Modified: 2022-10-27T13:04:23.713

Link: CVE-2021-38345

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["WordPress"], "product": "Brizy - Page Builder", "vendor": "Brizy.io", "versions": [{"lessThanOrEqual": "2.3.11", "status": "affected", "version": "2.3.11", "versionType": "custom"}, {"lessThan": "1.0.127*", "status": "affected", "version": "1.0.127", "versionType": "custom"}, {"lessThanOrEqual": "1.0.125", "status": "affected", "version": "1.0.125", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ramuel Gall, Wordfence"}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T15:56:51", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "source": {"discovery": "INTERNAL"}, "title": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-10-13T00:00:00.000Z", "ID": "CVE-2021-38345", "STATE": "PUBLIC", "TITLE": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brizy - Page Builder", "version": {"version_data": [{"platform": "WordPress", "version_affected": "<=", "version_name": "2.3.11", "version_value": "2.3.11"}, {"platform": "WordPress", "version_affected": ">=", "version_name": "1.0.127", "version_value": "1.0.127"}, {"platform": "WordPress", "version_affected": "<=", "version_name": "1.0.125", "version_value": "1.0.125"}]}}]}, "vendor_name": "Brizy.io"}]}}, "credit": [{"lang": "eng", "value": "Ramuel Gall, Wordfence"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.512Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38345", "datePublished": "2021-10-14T15:56:51.848077Z", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2024-09-17T00:05:36.560Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:wordpress:*:*:*", "matchCriteriaId": "C4BC9503-BB49-4E6B-920C-AF44BAFC8A25", "versionEndExcluding": "1.0.1.126", "vulnerable": true}, {"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF77E7C3-3D70-4A71-A70E-97C1423ECE14", "versionEndIncluding": "2.3.11", "versionStartIncluding": "1.0.127", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}, {"lang": "es", "value": "El plugin Brizy Page Builder versiones anteriores a 2.3.11 incluy\u00e9ndola, para WordPress usaba una comprobaci\u00f3n de autorizaci\u00f3n incorrecta que permit\u00eda a cualquier usuario conectado que accediera a cualquier endpoint del directorio wp-admin modificar el contenido de cualquier entrada o p\u00e1gina presente creada con el editor Brizy. Un problema id\u00e9ntico fue encontrado por otro investigador en Brizy versiones anteriores a 1.0.125 incluy\u00e9ndola, y corregido en la versi\u00f3n 1.0.126, pero la vulnerabilidad fue reintroducida en la versi\u00f3n 1.0.127"}], "id": "CVE-2021-38345", "lastModified": "2022-10-27T13:04:23.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2021-10-14T16:15:09.257", "references": [{"source": "security@wordfence.com", "tags": ["Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}