cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2021-38344

CVE, Research URL

CVE-2021-38344

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
Oct 14, 2021
Research Description
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
Affected versions
max 2.3.12.
Status
vulnerable
Previous vulnerability researches
Brizy &#8211; Page Builder (CVE-2025-4370) , Jul 29, 2025
Brizy &#8211; Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy &#8211; Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-6254) , Aug 08, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs &#8211; Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025