CVE-2024-1164

Name of the Vulnerable Software and Affected Versions Brizy – Page Builder plugin for WordPress versions prior to 2.4.44

Description The issue is related to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL due to insufficient input sanitization and output escaping on user-supplied error messages. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For versions prior to 2.4.44, update to version 2.4.44 or later to resolve the issue. As a temporary workaround, consider restricting contributor-level and above permissions to minimize the risk of exploitation.