CVE-2024-3711

Name of the Vulnerable Software and Affected Versions Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43

Description The issue is related to a missing capability check on the functions action request disable, action change template, and action request enable. This allows authenticated attackers with contributor access or above to enable or disable the Brizy editor and modify the template used.

Recommendations For versions up to, and including, 2.4.43, update to a version higher than 2.4.43 to resolve the issue. As a temporary workaround, consider restricting access to the action request disable, action change template, and action request enable functions until a patch is available.