CVE-2021-38345 - OpenCVE

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Brizy	Brizy-page Builder

Configuration 1 [-]

OR	cpe:2.3:a:brizy:brizy-page_builder:::::wordpress:::*
	cpe:2.3:a:brizy:brizy-page_builder::::::::

References

Link	Resource
https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-13T00:00:00

Updated: 2021-10-14T15:56:51

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38345

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-14T16:15:09.257

Modified: 2022-10-27T13:04:23.713

Link: CVE-2021-38345

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"platforms": ["WordPress"], "product": "Brizy - Page Builder", "vendor": "Brizy.io", "versions": [{"lessThanOrEqual": "2.3.11", "status": "affected", "version": "2.3.11", "versionType": "custom"}, {"lessThan": "1.0.127*", "status": "affected", "version": "1.0.127", "versionType": "custom"}, {"lessThanOrEqual": "1.0.125", "status": "affected", "version": "1.0.125", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ramuel Gall, Wordfence"}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T15:56:51", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "source": {"discovery": "INTERNAL"}, "title": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-10-13T00:00:00.000Z", "ID": "CVE-2021-38345", "STATE": "PUBLIC", "TITLE": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brizy - Page Builder", "version": {"version_data": [{"platform": "WordPress", "version_affected": "<=", "version_name": "2.3.11", "version_value": "2.3.11"}, {"platform": "WordPress", "version_affected": ">=", "version_name": "1.0.127", "version_value": "1.0.127"}, {"platform": "WordPress", "version_affected": "<=", "version_name": "1.0.125", "version_value": "1.0.125"}]}}]}, "vendor_name": "Brizy.io"}]}}, "credit": [{"lang": "eng", "value": "Ramuel Gall, Wordfence"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38345", "datePublished": "2021-10-13T00:00:00", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2021-10-14T15:56:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:wordpress:*:*:*", "matchCriteriaId": "C4BC9503-BB49-4E6B-920C-AF44BAFC8A25", "versionEndExcluding": "1.0.1.126", "vulnerable": true}, {"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF77E7C3-3D70-4A71-A70E-97C1423ECE14", "versionEndIncluding": "2.3.11", "versionStartIncluding": "1.0.127", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}, {"lang": "es", "value": "El plugin Brizy Page Builder versiones anteriores a 2.3.11 incluy\u00e9ndola, para WordPress usaba una comprobaci\u00f3n de autorizaci\u00f3n incorrecta que permit\u00eda a cualquier usuario conectado que accediera a cualquier endpoint del directorio wp-admin modificar el contenido de cualquier entrada o p\u00e1gina presente creada con el editor Brizy. Un problema id\u00e9ntico fue encontrado por otro investigador en Brizy versiones anteriores a 1.0.125 incluy\u00e9ndola, y corregido en la versi\u00f3n 1.0.126, pero la vulnerabilidad fue reintroducida en la versi\u00f3n 1.0.127"}], "id": "CVE-2021-38345", "lastModified": "2022-10-27T13:04:23.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2021-10-14T16:15:09.257", "references": [{"source": "security@wordfence.com", "tags": ["Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}