The Brizy – Page Builder plugin for WordPress is vulnerable to a limited file upload flaw caused by missing authorization checks in the process_external_asset_urls function and insufficient path validation in the store_file function. The issue allows an unauthenticated user to upload .TXT files to the application’s file system, giving the attacker the ability to place arbitrary content on the server. The upload limitation is specific to .TXT files, but the presence of user-supplied files could be leveraged by an attacker to craft subsequent attacks that rely on the existence of that content, potentially affecting confidentiality and data integrity. This flaw represents a moderate risk to the affected WordPress site, as it permits the attacker to add files without authentication but does not grant immediate code execution.

All installations of the themefusecom Brizy – Page Builder plugin for WordPress up to and including version 2.6.20 are affected. The vulnerability is present in the free WordPress edition. The plugin versions listed in the known references indicate the flaw exists in tags 2.6.17 and earlier.

The CVSS score of 5.3 indicates a medium severity. The EPSS score of <1% suggests a very low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web application request to the vulnerable upload endpoints, which does not require authentication. An attacker can exploit the flaw by sending a crafted HTTP request that triggers the asset processing functions, resulting in a .TXT file being stored on the server.