IP Address Spoofing Vulnerability in Brizy Page Builder Plugin for WordPress
CVE-2023-2897
5.3MEDIUM
What is CVE-2023-2897?
The Brizy Page Builder plugin for WordPress presents a vulnerability characterized by IP Address Spoofing due to an implicit trust of user-supplied IP addresses from the 'X-Forwarded-For' HTTP header. This vulnerability impacts versions up to and including 2.4.18, permitting attackers to bypass maintenance mode protection by submitting a whitelisted IP address in the header. Consequently, this can result in unauthorized access to restricted functionalities and possible exposure of sensitive information.
Affected Version(s)
Brizy – Page Builder * <= 2.4.18