Description
Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.12.
Published: 2025-09-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This issue is a missing authorization flaw in the themefusecom Brizy WordPress plugin. The bug creates a broken access control that allows users with inappropriate privileges—or potentially unauthenticated users—to perform actions that should be restricted. The vulnerability could enable tampering with site configuration, content, or other privileged settings, leading to unauthorized data modification or compromise of site integrity.

Affected Systems

The Brizy plugin for WordPress, produced by themefusecom, is affected from the earliest available version through any revision up to and including 2.7.12. No other products are listed as impacted.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk rating, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Since the defect involves missing authorization checks, the likely attack vector is an authenticated session with insufficient privileges. An attacker with any user access, or possibly an unauthenticated actor if the plugin exposes endpoints, could exploit the flaw to gain unauthorized control over the plugin’s restricted functions.

Generated by OpenCVE AI on April 30, 2026 at 07:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Brizy to version 2.7.13 or later
  • Review and tighten WordPress role permissions to restrict access to Brizy plugin features to high‑privilege users only
  • Monitor plugin usage logs for abnormal access patterns and investigate any unauthorized activity

Generated by OpenCVE AI on April 30, 2026 at 07:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-26571 Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12. Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.12.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Brizy
Brizy brizy
Wordpress
Wordpress wordpress
Vendors & Products Brizy
Brizy brizy
Wordpress
Wordpress wordpress

Wed, 03 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
Title WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Brizy Brizy
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:43.820Z

Reserved: 2025-09-03T09:02:27.116Z

Link: CVE-2025-58594

cve-icon Vulnrichment

Updated: 2025-09-03T17:39:24.938Z

cve-icon NVD

Status : Deferred

Published: 2025-09-03T15:15:40.110

Modified: 2026-04-23T15:33:25.693

Link: CVE-2025-58594

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T07:45:26Z

Weaknesses