The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-10-14T15:56:51.848077Z
Updated: 2024-09-17T00:05:36.560Z
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-38345
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-14T16:15:09.257
Modified: 2024-11-21T06:16:51.703
Link: CVE-2021-38345
Redhat
No data.