CVE-2021-38345 - Vulnerability Details - OpenCVE

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Brizy	Brizy-page Builder

Configuration 1 [-]

OR	cpe:2.3:a:brizy:brizy-page_builder:::::wordpress:::*
	cpe:2.3:a:brizy:brizy-page_builder::::::::

No data.

References

Link	Providers
https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/

History

Fri, 14 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-14T15:56:51.848Z

Updated: 2025-02-14T18:11:40.173Z

Reserved: 2021-08-09T00:00:00.000Z

Link: CVE-2021-38345

Vulnrichment

Updated: 2024-08-04T01:37:16.512Z

NVD

Status : Modified

Published: 2021-10-14T16:15:09.257

Modified: 2024-11-21T06:16:51.703

Link: CVE-2021-38345

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["WordPress"], "product": "Brizy - Page Builder", "vendor": "Brizy.io", "versions": [{"lessThanOrEqual": "2.3.11", "status": "affected", "version": "2.3.11", "versionType": "custom"}, {"lessThan": "1.0.127*", "status": "affected", "version": "1.0.127", "versionType": "custom"}, {"lessThanOrEqual": "1.0.125", "status": "affected", "version": "1.0.125", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ramuel Gall, Wordfence"}], "datePublic": "2021-10-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T15:56:51.000Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "source": {"discovery": "INTERNAL"}, "title": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-10-13T00:00:00.000Z", "ID": "CVE-2021-38345", "STATE": "PUBLIC", "TITLE": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brizy - Page Builder", "version": {"version_data": [{"platform": "WordPress", "version_affected": "<=", "version_name": "2.3.11", "version_value": "2.3.11"}, {"platform": "WordPress", "version_affected": ">=", "version_name": "1.0.127", "version_value": "1.0.127"}, {"platform": "WordPress", "version_affected": "<=", "version_name": "1.0.125", "version_value": "1.0.125"}]}}]}, "vendor_name": "Brizy.io"}]}}, "credit": [{"lang": "eng", "value": "Ramuel Gall, Wordfence"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.512Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-14T18:11:32.272525Z", "id": "CVE-2021-38345", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T18:11:40.173Z"}}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38345", "datePublished": "2021-10-14T15:56:51.848Z", "dateReserved": "2021-08-09T00:00:00.000Z", "dateUpdated": "2025-02-14T18:11:40.173Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.512Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-38345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-14T18:11:32.272525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T18:11:26.704Z"}}], "cna": {"title": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "Ramuel Gall, Wordfence"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Brizy.io", "product": "Brizy - Page Builder", "versions": [{"status": "affected", "version": "2.3.11", "versionType": "custom", "lessThanOrEqual": "2.3.11"}, {"status": "affected", "version": "1.0.127", "lessThan": "1.0.127*", "versionType": "custom"}, {"status": "affected", "version": "1.0.125", "versionType": "custom", "lessThanOrEqual": "1.0.125"}], "platforms": ["WordPress"]}], "datePublic": "2021-10-13T00:00:00.000Z", "references": [{"url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2021-10-14T15:56:51.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Ramuel Gall, Wordfence"}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, "source": {"discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "WordPress", "version_name": "2.3.11", "version_value": "2.3.11", "version_affected": "<="}, {"platform": "WordPress", "version_name": "1.0.127", "version_value": "1.0.127", "version_affected": ">="}, {"platform": "WordPress", "version_name": "1.0.125", "version_value": "1.0.125", "version_affected": "<="}]}, "product_name": "Brizy - Page Builder"}]}, "vendor_name": "Brizy.io"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "name": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-38345", "STATE": "PUBLIC", "TITLE": "Brizy <= 1.0.125 and 1.0.127 \u2013 2.3.11 Incorrect authorization checks allowing Post modification", "ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-10-13T00:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-38345", "state": "PUBLISHED", "dateUpdated": "2025-02-14T18:11:40.173Z", "dateReserved": "2021-08-09T00:00:00.000Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2021-10-14T15:56:51.848Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:wordpress:*:*:*", "matchCriteriaId": "C4BC9503-BB49-4E6B-920C-AF44BAFC8A25", "versionEndExcluding": "1.0.1.126", "vulnerable": true}, {"criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF77E7C3-3D70-4A71-A70E-97C1423ECE14", "versionEndIncluding": "2.3.11", "versionStartIncluding": "1.0.127", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127."}, {"lang": "es", "value": "El plugin Brizy Page Builder versiones anteriores a 2.3.11 incluy\u00e9ndola, para WordPress usaba una comprobaci\u00f3n de autorizaci\u00f3n incorrecta que permit\u00eda a cualquier usuario conectado que accediera a cualquier endpoint del directorio wp-admin modificar el contenido de cualquier entrada o p\u00e1gina presente creada con el editor Brizy. Un problema id\u00e9ntico fue encontrado por otro investigador en Brizy versiones anteriores a 1.0.125 incluy\u00e9ndola, y corregido en la versi\u00f3n 1.0.126, pero la vulnerabilidad fue reintroducida en la versi\u00f3n 1.0.127"}], "id": "CVE-2021-38345", "lastModified": "2024-11-21T06:16:51.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-14T16:15:09.257", "references": [{"source": "security@wordfence.com", "tags": ["Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}