- Description
- The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- brizy
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
WordPressの人気プラグイン 「Brizy – Page Builder 」で重大な脆弱性(CVE-2024-10960) #セキュリティ対策 #セキュリティ https://t.co/iUXSKaCoVs
@securityLab_jp
18 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
8万サイト以上が使用するWordPressのプラグインBrizy – Page Builderに重大(Critical)な脆弱性。CVE-2024-10960はCVSSスコア9.9で、storeUploads関数における検証不備。貢献者以上の権限を持つ攻撃者が任意のファイルをアプロード可能。 https://t.co/OTTnFe7cqr
@__kokumoto
16 Feb 2025
1354 Impressions
7 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brizy:brizy:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "318CE83C-F93C-4B84-AACF-541CDB997487",
"versionEndExcluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]