cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2024-3711

CVE, Research URL

CVE-2024-3711

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
May 23, 2024
Research Description
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access or above, to enable/disable the Brizy editor and modify the template used.
Affected versions
Min -, max 2.4.44.
Status
vulnerable
Previous vulnerability researches
Brizy – Page Builder (CVE-2025-32198) , Apr 10, 2025
Brizy – Page Builder (CVE-2024-10960) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-10322) , Feb 16, 2025
Brizy – Page Builder (CVE-2024-6254) , Aug 08, 2024
Brizy – Page Builder (CVE-2024-1937) , Jul 17, 2024
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025