Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
Published: 2025-01-21
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input during web page generation in the Brizy Pro plugin leads to a reflected XSS flaw that allows an attacker to inject and execute arbitrary script within a victim’s browser when the victim accesses a specially crafted request generated by the plugin. The weakness is identified as CWE‑79, a type of input validation bypass.

Affected Systems

The vulnerability affects the Brizy Pro WordPress plugin versions from the earliest release up to and including 2.6.1. All installations of this plugin using those versions are potentially vulnerable, regardless of the WordPress core version.

Risk and Exploitability

The CVSS score of 7.1 reflects a moderate‑to‑high potential for exploitation. The EPSS score of less than 1% indicates a low current likelihood of exploitation. The vulnerability is not listed in CISA KEV. Based on the description, the likely attack vector involves a victim visiting a maliciously constructed URL or submitting a crafted form that triggers the plugin’s page generation, causing the embedded script to run. No elevated privileges or remote code execution beyond the victim’s browser context is indicated.

Generated by OpenCVE AI on May 2, 2026 at 05:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official upgrade to Brizy Pro (version 2.6.2 or newer).
  • If an update cannot be applied immediately, delete or deactivate the vulnerable Brizy Pro plugin until a fix is available.
  • Implement a strict content security policy that blocks inline scripts and limits script execution sources to reduce the impact of any remaining reflected XSS vectors.

Generated by OpenCVE AI on May 2, 2026 at 05:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-2977 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
History

Tue, 28 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro brizy-pro allows Reflected XSS.This issue affects Brizy Pro: from n/a through <= 2.8.0. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
Title WordPress Brizy Pro plugin <= 2.8.0 - Cross Site Scripting (XSS) vulnerability WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro brizy-pro allows Reflected XSS.This issue affects Brizy Pro: from n/a through <= 2.8.0.
Title WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability WordPress Brizy Pro plugin <= 2.8.0 - Cross Site Scripting (XSS) vulnerability
References

Fri, 08 Aug 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Brizy
Brizy brizy
CPEs cpe:2.3:a:brizy:brizy:*:*:*:*:pro:wordpress:*:*
Vendors & Products Brizy
Brizy brizy

Tue, 21 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Jan 2025 13:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
Title WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Brizy Brizy
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:06.729Z

Reserved: 2025-01-07T21:04:45.366Z

Link: CVE-2025-22763

cve-icon Vulnrichment

Updated: 2025-01-21T14:28:47.938Z

cve-icon NVD

Status : Modified

Published: 2025-01-21T14:15:12.900

Modified: 2026-04-28T19:28:34.693

Link: CVE-2025-22763

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T06:00:13Z

Weaknesses