CVE-2024-1164
📋 TL;DR
The Brizy Page Builder WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts into pages. These scripts execute when users visit the compromised pages, potentially stealing session cookies or redirecting users. All WordPress sites using Brizy Page Builder versions up to 2.4.43 are affected.
💻 Affected Systems
- Brizy - Page Builder WordPress plugin
📦 What is this software?
Brizy by Brizy
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress sites, install backdoors, deface websites, or redirect users to malicious sites.
Likely Case
Attackers inject malicious scripts to steal user session cookies, perform phishing attacks, or redirect users to malicious content.
If Mitigated
With proper user role management and input validation, impact is limited to low-privileged user account compromise.
🎯 Exploit Status
Exploitation requires authenticated access with contributor role or higher. The vulnerability is in contact form widget error messages and redirect URLs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.44
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Brizy Page Builder.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.4.44+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Brizy Plugin
Temporarily disable the Brizy Page Builder plugin until patched.
wp plugin deactivate brizy
Restrict User Roles
Remove contributor roles from untrusted users and limit who can create/edit pages.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in contact form submissions.
- Regularly audit user accounts and remove unnecessary contributor-level permissions.
🔍 How to Verify
Check if Vulnerable:
Check Brizy plugin version in WordPress admin panel under Plugins > Installed Plugins.
Check Version:
wp plugin get brizy --field=version
Verify Fix Applied:
Verify Brizy plugin version is 2.4.44 or higher in WordPress admin.
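For sites where WP-CLI or admin access is not convenient (for example, a backup or a read-only copy of the web root), the same check can be done offline by reading the plugin's main file header. The script below is an added example for this advisory, not code from Brizy or WordPress; it assumes the plugin's main file lives at wp-content/plugins/brizy/brizy.php (a hypothetical path, adjust for your install) and uses a constructed header for demonstration.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# First version that carries the fix, as stated in the advisory.
PATCHED_VERSION = "2.4.44"

# Hypothetical location of the plugin's main file relative to the web root.
DEFAULT_PLUGIN_FILE = "wp-content/plugins/brizy/brizy.php"

# WordPress plugin headers are "Key: value" lines inside the leading comment block.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

# Constructed sample header, shaped like a real plugin file header.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Brizy
 * Description: Page builder
 * Version: 2.4.43
 */
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.4.43' (or '2.4.44-beta1') into a comparable tuple, padded to 3 parts.

    Numeric prefixes are kept; a suffix such as '-beta1' is ignored so that a
    pre-release string still compares on its numeric components.
    """
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is below the patched version."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def version_from_plugin_header(header_text: str) -> Optional[str]:
    """Extract the 'Version:' header value, or None if it is absent."""
    m = HEADER_RE.search(header_text)
    return m.group(1) if m else None


def check_plugin_file(path: str = DEFAULT_PLUGIN_FILE) -> dict:
    """Read a plugin file from disk and report its version and patch status.

    Only the first 8 KiB are read, which mirrors how WordPress itself scans
    plugin headers and avoids loading a large file.
    """
    with open(path, "r", errors="replace") as fh:
        head = fh.read(8192)
    version = version_from_plugin_header(head)
    return {
        "path": path,
        "version": version,
        "vulnerable": is_vulnerable(version) if version else None,
    }


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PLUGIN_FILE
    if Path(target).is_file():
        result = check_plugin_file(target)
    else:
        # Fall back to the constructed sample so the script runs offline.
        v = version_from_plugin_header(SAMPLE_HEADER)
        result = {"path": "(constructed sample)", "version": v, "vulnerable": is_vulnerable(v)}
    status = "VULNERABLE, update to %s or later" % PATCHED_VERSION if result["vulnerable"] else "patched"
    print("%s: Brizy %s -> %s" % (result["path"], result["version"], status))
```

Run it with the path to the plugin's main file as the only argument; with no argument it falls back to the constructed sample header and reports it as vulnerable. A version string that cannot be parsed yields `vulnerable: None`, which should be treated as "unknown, inspect manually" rather than as safe.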
📡 Detection & Monitoring
Log Indicators:
- Unusual contact form submissions with script tags
- Multiple page edits by contributor-level users
Network Indicators:
- Unexpected JavaScript execution from contact form pages
- Suspicious redirects from Brizy pages
SIEM Query:
source="wordpress" AND ("brizy" OR "contact form") AND ("script" OR "javascript" OR "onerror")
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9746cd9f-afb2-41b2-9e31-7c77222d9cfd?source=cve