CVE-2024-1165 - Vulnerability Details - OpenCVE

The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00709.

Key SSVC decision points have not yet been added.

Vendors	Products
Brizy	Brizy

Configuration 1 [-]

cpe:2.3:a:brizy:brizy:*:*:*:*:free:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-16933	The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33
https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve

History

Thu, 16 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Brizy Brizy brizy
Weaknesses		CWE-22
CPEs		cpe:2.3:a:brizy:brizy:::::free:wordpress::
Vendors & Products		Brizy Brizy brizy

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-24T09:38:22.454Z

Updated: 2024-08-01T18:33:25.100Z

Reserved: 2024-02-01T17:35:27.208Z

Link: CVE-2024-1165

Vulnrichment

Updated: 2024-08-01T18:33:25.100Z

NVD

Status : Analyzed

Published: 2024-02-26T16:27:51.880

Modified: 2025-01-16T14:48:55.897

Link: CVE-2024-1165

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1165", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-01T17:35:27.208Z", "datePublished": "2024-02-24T09:38:22.454Z", "dateUpdated": "2024-08-01T18:33:25.100Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-24T09:38:22.454Z"}, "affected": [{"vendor": "themefusecom", "product": "Brizy \u2013 Page Builder", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.4.40", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33"}, {"url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2024-02-23T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1165", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-26T18:03:32.995042Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:59:39.074Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.100Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.100Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1165", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-26T18:03:32.995042Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.274Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themefusecom", "product": "Brizy \u2013 Page Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.4.40"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-23T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33"}, {"url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php"}], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-24T09:38:22.454Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1165", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.100Z", "dateReserved": "2024-02-01T17:35:27.208Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-02-24T09:38:22.454Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brizy:brizy:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "B556CA69-CFAA-4BED-BAA1-53107D694106", "versionEndExcluding": "2.4.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server"}, {"lang": "es", "value": "El complemento Brizy \u2013 Page Builder para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.4.39 incluida, a trav\u00e9s del 'id'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, carguen archivos en ubicaciones arbitrarias del servidor."}], "id": "CVE-2024-1165", "lastModified": "2025-01-16T14:48:55.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:51.880", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}