Product
brizy
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-4370
CVE-2025-32198
CVE-2025-26902
CVE-2025-26901
CVE-2024-10322
CVE-2024-10960
CVE-2025-22763
CVE-2024-6254
CVE-2024-3242
CVE-2024-1937
CVE-2024-1164
CVE-2024-3667
CVE-2024-2087
CVE-2024-1940
CVE-2024-1161
CVE-2024-3711
CVE-2024-34814
CVE-2023-44472
CVE-2024-1311
CVE-2024-1296
CVE-2024-1293
CVE-2024-1291
CVE-2024-1165
CVE-2023-51396
CVE-2020-36714
CVE-2023-2897
CVE-2022-2219
CVE-2022-2041
CVE-2022-2040
CVE-2021-38346
CVE-2021-38345
CVE-2021-38344
< 2.6.21
The Brizy - Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_extern
<= 2.6.14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy brizy.Thi
<= 2.6.1
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro:
<= 2.6.1
Missing Authorization vulnerability in Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.Thi
< 2.6.9
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all ve
< 2.6.5
The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '
<= 2.6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Re
< 2.5.2
The Brizy - Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.
< 2.4.45
The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in
< 2.4.45
The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check
< 2.4.44
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget er
< 2.4.44
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple wid
< 2.4.44
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all version
< 2.4.42
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to,
< 2.4.44
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for
< 2.4.44
The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability chec
< 2.7.31
Cross-Site Request Forgery (CSRF) vulnerability in Unyson unyson.This issue affects Unyson: from n/a through <= 2.7.29.
<= 2.7.28
Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28.
< 2.4.41
The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the s
< 2.4.41
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all ve
< 2.4.41
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in
< 2.4.41
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all
< 2.4.40
The Brizy - Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 vi
<= 2.4.29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builde
<= 1.0.125
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator()
<= 2.4.18
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is
< 2.7.27
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading
< 2.4.2
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as
< 2.4.2
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low
<= 2.3.11
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of thei
>= 1.0.127 and <= 2.3.11
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user access
<= 2.3.11
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers