cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2021-38344

CVE, Research URL

CVE-2021-38344

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
Oct 14, 2021
Research Description
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
Affected versions
Min -, max 2.3.12.
Status
vulnerable
Previous vulnerability researches
Brizy &#8211; Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy &#8211; Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-6254) , Aug 08, 2024
Brizy &#8211; Page Builder (CVE-2024-1937) , Jul 17, 2024
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin &#8211; 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025