cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2020-36714

CVE, Research URL

CVE-2020-36714

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
Oct 20, 2023
Research Description
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.
Affected versions
Min -, max 2.4.30.
Status
vulnerable
Previous vulnerability researches
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Brizy – Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy – Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-6254) , Aug 08, 2024
New vulnerability
StreamWeasels Kick Integration (CVE-2025-7810) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025