cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2021-38345

CVE, Research URL

CVE-2021-38345

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
Oct 14, 2021
Research Description
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
Affected versions
Min -, max 2.3.12.
Status
vulnerable
Previous vulnerability researches
Brizy &#8211; Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy &#8211; Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy &#8211; Page Builder (CVE-2024-6254) , Aug 08, 2024
Brizy &#8211; Page Builder (CVE-2024-1937) , Jul 17, 2024
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin &#8211; 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025