Authorization Bypass Vulnerability in Brizy Page Builder Plugin by WordPress
CVE-2020-36714

8.1HIGH

Key Information:

Vendor: Wordpress
Status: Brizy – Page Builder
Vendor: CVE Published:; 20 October 2023

Summary

The Brizy plugin for WordPress contains a vulnerability that allows for authorization bypass due to an improper capability check in the is_administrator() function. This flaw, present in versions up to and including 1.0.125, could potentially allow authenticated attackers to gain unauthorized access to various AJAX functions within the plugin, leading to manipulation or retrieval of sensitive data.

Affected Version(s)

Brizy – Page Builder * < 1.0.126

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-brizy-page-builder-...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet