CVE-2024-10322
📋 TL;DR
The Brizy Page Builder WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Author-level access or higher to upload malicious SVG files containing JavaScript. When users access these SVG files, the scripts execute in their browsers, potentially compromising their accounts or sessions. This affects all WordPress sites using Brizy Page Builder versions up to 2.6.8.
💻 Affected Systems
- Brizy – Page Builder WordPress plugin
📦 What is this software?
Brizy by Brizy
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, install backdoors, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers with Author access could inject malicious scripts to steal user session cookies, redirect visitors to phishing sites, or deface website content.
If Mitigated
With proper user access controls and content security policies, the impact is limited to the specific user accessing the malicious SVG file.
🎯 Exploit Status
Exploitation requires authenticated access (Author role or higher). The vulnerability is in the REST API SVG file upload functionality with insufficient input sanitization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.9
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3231744/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Brizy Page Builder and click 'Update Now'.
4. Alternatively, download version 2.6.9+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable SVG uploads via REST API
Add code to functions.php to remove SVG from the allowed upload MIME types, which also blocks SVG uploads through the REST API media endpoint:

```php
// 'upload_mimes' is the WordPress core filter that defines the allowed upload
// types; removing the 'svg' entry makes WordPress reject .svg uploads from both
// the classic uploader and the REST media endpoint. (The hook name on the
// original advisory, 'rest_upload_mimes', is not a core filter.)
add_filter('upload_mimes', function ($mimes) {
    unset($mimes['svg']);
    return $mimes;
});
```
Restrict user roles
Limit users with Author-level permissions or higher to trusted individuals only
🧯 If You Can't Patch
- Temporarily disable the Brizy plugin if not essential for site functionality
- Implement strict Content Security Policy (CSP) headers to restrict script execution from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Brizy Page Builder version. If version is 2.6.8 or lower, you are vulnerable.
Check Version:
wp plugin list --name=brizy --field=version
Verify Fix Applied:
After updating, verify the Brizy plugin version shows 2.6.9 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads via REST API
- Multiple failed login attempts followed by SVG uploads
- User role escalation attempts
Network Indicators:
- POST requests to /wp-json/wp/v2/media with SVG content
- Unusual outbound connections after SVG file access
SIEM Query:
source="wordpress" AND (uri_path="/wp-json/wp/v2/media" AND file_extension="svg")
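Updating the plugin stops new uploads but does not remove SVG files already stored under wp-content/uploads. The audit script below is an added example, not code from this advisory or from the Brizy project; it parses each SVG and flags the markers that make an SVG execute script in a browser (script elements, on* event-handler attributes, javascript: hrefs). The directory path and the sample SVG strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Dict, List

# Patterns for executable content inside an SVG document.
JS_URL = re.compile(r"^\s*javascript:", re.IGNORECASE)      # href="javascript:..."
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)       # onload=, onclick=, ...


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_text: str) -> List[str]:
    """Return a list of findings describing script-capable content in an SVG."""
    findings: List[str] = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # A file that is not well-formed XML cannot be cleared; treat as suspicious.
        return [f"unparseable SVG ({exc}); treat as suspicious"]
    for elem in root.iter():  # includes the root <svg> element itself
        tag = _local(elem.tag)
        if tag == "script":
            findings.append("<script> element")
        for attr, value in elem.attrib.items():
            aname = _local(attr)  # handles xlink:href as well as plain href
            if EVENT_ATTR.match(aname):
                findings.append(f"event handler {aname} on <{tag}>")
            elif aname == "href" and JS_URL.match(value):
                findings.append(f"javascript: URL on <{tag}>")
    return findings


def scan_directory(root_dir: str) -> Dict[str, List[str]]:
    """Scan every *.svg under root_dir (e.g. wp-content/uploads) and report findings per file."""
    results: Dict[str, List[str]] = {}
    for path in Path(root_dir).rglob("*.svg"):
        hits = find_active_content(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


# Constructed sample inputs: a harmless icon and one carrying the three markers.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
MALICIOUS_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
                 'xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
                 '<script>x()</script><a xlink:href="javascript:x()"><text>x</text></a></svg>')
```

Run `scan_directory("/path/to/wp-content/uploads")` against a copy of the uploads tree and quarantine any file it reports; the hypothetical path is a placeholder.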