Brizy – Page Builder, CVE-2025-4370
- CVE, Research URL
- Home page URL
- Application
- Published on
- Jul 29, 2025
- Research Description
- The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
- Affected versions
-
Min -, max 2.6.21.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Wonder Slider Lite (CVE-2025-7501) , Jul 26, 2025 |
| Wonder Slider Lite (CVE-2024-24877) , Jun 07, 2024 |