Cross-site Scripting Vulnerability in Brizy Pro by NotFound
CVE-2025-22763

7.1HIGH

Key Information:

Vendor: Notfound
Status: Brizy Pro
Vendor: CVE Published:; 21 January 2025

Summary

The Brizy Pro plugin, developed by NotFound, is affected by an improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) vulnerability. This flaw can allow attackers to inject malicious scripts into web pages, potentially affecting users accessing the vulnerable site. This issue affects all versions of Brizy Pro up to 2.6.1, posing significant security risks for its users and necessitating immediate action to mitigate the exposure.

Affected Version(s)

Brizy Pro <= 2.6.1

References

https://patchstack.com/database/wordpress/plugin/brizy-pr...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Rafie Muhammad (Patchstack)