Name of the Vulnerable Software and Affected Versions:

Brizy – Page Builder plugin for WordPress versions up to and including 2.6.20

Description:

The Brizy – Page Builder plugin for WordPress is susceptible to limited file uploads due to missing authorization in the `process external asset urls()` function and missing path validation in the `store file()` function. This allows unauthenticated attackers to upload .TXT files to the affected site’s server.

Recommendations:

Update Brizy – Page Builder plugin to a version later than 2.6.20.

As a temporary workaround, restrict access to the `process external asset urls()` function.

As a temporary workaround, restrict access to the `store file()` function.