cleantalk
Vulnerabilities and Security Researches

Brizy – Page Builder, CVE-2025-4370

CVE, Research URL

CVE-2025-4370

Home page URL

Security reports for Brizy – Page Builder

Application

Brizy – Page Builder

Published on
Jul 29, 2025
Research Description
The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Affected versions
Min -, max 2.6.21.
Status
vulnerable
Previous vulnerability researches
Search engine keywords highlighter (CVE-2025-31442) , Apr 05, 2025
New vulnerability
StreamWeasels Kick Integration (CVE-2025-7810) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025