PT-2025-31165 · WordPress · Brizy – Page Builder
Michael Mazzolini · Published 2025-07-29 · Updated 2025-08-14 · CVE-2025-4370
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Brizy – Page Builder plugin for WordPress versions up to and including 2.6.20
Description
The Brizy – Page Builder plugin for WordPress is susceptible to limited file uploads due to missing authorization in the process_external_asset_urls() function and missing path validation in the store_file() function. This allows unauthenticated attackers to upload .TXT files to the affected site’s server.
Recommendations
Update Brizy – Page Builder plugin to a version later than 2.6.20.
As a temporary workaround, restrict access to the process_external_asset_urls() function.
As a temporary workaround, restrict access to the store_file() function.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Brizy – Page Builder