PT-2021-22065 · WordPress · Brizy – Page Builder

Ramuel Gall · Published 2021-10-14 · Updated 2022-10-27 · CVE-2021-38345

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Brizy Page Builder plugin versions 2.3.11 and earlier
Brizy versions 1.0.127 and earlier, excluding version 1.0.126

Description

The Brizy Page Builder plugin for WordPress used an incorrect authorization check, allowing any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. This issue was previously found and fixed in Brizy version 1.0.126 but was reintroduced in version 1.0.127.

Recommendations

For Brizy Page Builder plugin versions 2.3.11 and earlier, update to a version later than 2.3.11 to resolve the issue. For Brizy versions 1.0.127 and earlier, excluding version 1.0.126, update to version 1.0.126 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the wp-admin directory to minimize the risk of exploitation.

Fix · Incorrect Authorization · XSS

Weakness Enumeration

Related Identifiers

CVE-2021-38345

Affected Products

Brizy
Brizy – Page Builder