CVE-2024-1937

7.1 HIGH

📋 TL;DR

The Brizy Page Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with contributor-level access or higher to modify any published post content. This can lead to injection of malicious JavaScript into websites. All WordPress sites using Brizy Page Builder versions up to 2.4.44 are affected.

💻 Affected Systems

Products:
  • Brizy – Page Builder WordPress plugin
Versions: All versions up to and including 2.4.44
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Brizy plugin enabled and at least one user with contributor role or higher.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers inject persistent cross-site scripting (XSS) payloads into high-traffic pages, compromising all visitors and potentially leading to credential theft, malware distribution, or complete site takeover.

🟠

Likely Case

Malicious contributors or compromised accounts modify posts to insert phishing content, redirects, or cryptocurrency miners, damaging site reputation and user trust.

🟢

If Mitigated

With proper access controls and monitoring, unauthorized modifications are detected and reverted before causing significant harm.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has contributor credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.45

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk/editor/api.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Brizy Page Builder and click 'Update Now'.
4. Verify the version shows 2.4.45 or higher.

🔧 Temporary Workarounds

Disable Brizy Plugin (applies to: all)

Temporarily deactivate the Brizy Page Builder plugin until patched:

wp plugin deactivate brizy

Restrict Contributor Access (applies to: all)

Temporarily downgrade or remove contributor roles from untrusted users:

wp user set-role <username> subscriber

🧯 If You Can't Patch

  • Implement strict access controls and review all users with contributor or higher privileges.
  • Enable WordPress security plugins with file integrity monitoring and regular content audits.

🔍 How to Verify

Check if Vulnerable:

Check Brizy plugin version in WordPress admin under Plugins → Installed Plugins. If version is 2.4.44 or lower, you are vulnerable.

Check Version:

wp plugin get brizy --field=version

Verify Fix Applied:

After updating, confirm Brizy plugin version shows 2.4.45 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual post modifications by contributor-level users
  • Multiple post updates in short timeframes from same user

Network Indicators:

  • Unexpected JavaScript loading from modified posts
  • External script calls from previously static content

SIEM Query:

source="wordpress" (event="post_modified" OR event="content_update") (user_role="contributor" OR user_role="author")
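The two log indicators above (cross-author edits by low-privilege roles, and bursts of edits from one user) implemented over constructed audit-log lines, as an added example that is not part of this advisory. It assumes a JSON-lines activity log with the fields `ts`, `event`, `user`, `user_role`, `post_id`, `post_author` and `post_status`; those field names and the sample data are assumptions, not any specific plugin's format.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

EDIT_EVENTS = {"post_modified", "content_update"}
PRIVILEGED_ROLES = {"administrator", "editor"}  # roles allowed to edit others' published posts

# Constructed sample log lines (assumed JSON format from an audit-log plugin; not real data).
SAMPLE_LOG = """
{"ts":"2024-03-01T10:00:00Z","event":"post_modified","user":"alice","user_role":"contributor","post_id":7,"post_author":"alice","post_status":"draft"}
{"ts":"2024-03-01T10:01:00Z","event":"post_modified","user":"bob","user_role":"contributor","post_id":12,"post_author":"admin","post_status":"publish"}
{"ts":"2024-03-01T10:01:30Z","event":"post_modified","user":"bob","user_role":"contributor","post_id":13,"post_author":"admin","post_status":"publish"}
{"ts":"2024-03-01T10:02:00Z","event":"content_update","user":"bob","user_role":"contributor","post_id":14,"post_author":"editor1","post_status":"publish"}
{"ts":"2024-03-01T10:05:00Z","event":"post_modified","user":"carol","user_role":"editor","post_id":12,"post_author":"admin","post_status":"publish"}
{"ts":"2024-03-01T11:00:00Z","event":"user_login","user":"bob","user_role":"contributor"}
"""

def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def flag_cross_author_edits(events):
    """Contributor/author accounts modifying a published post they do not own. Stock
    WordPress denies this (edit_others_posts), so a hit means the check was bypassed."""
    return [e for e in events
            if e.get("event") in EDIT_EVENTS
            and e["user_role"] not in PRIVILEGED_ROLES
            and e["post_author"] != e["user"]
            and e["post_status"] == "publish"]

def flag_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Users with >= threshold edits inside any sliding window of length `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") in EDIT_EVENTS:
            by_user[e["user"]].append(datetime.fromisoformat(e["ts"].replace("Z", "+00:00")))
    hits = set()
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                hits.add(user)
    return sorted(hits)

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("cross-author edits:", [(e["user"], e["post_id"]) for e in flag_cross_author_edits(evs)])
    print("burst users:", flag_bursts(evs))
```

Alice editing her own draft and the editor account editing a published post are legitimate and stay silent; only the contributor touching three published posts owned by others trips both rules.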
