CVE-2024-1940

7.1 HIGH

📋 TL;DR

The Brizy Page Builder WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into pages. These scripts execute whenever users view the compromised pages, potentially affecting all visitors to vulnerable WordPress sites.

💻 Affected Systems

Products:
  • Brizy - Page Builder WordPress plugin
Versions: All versions up to and including 2.4.41
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Brizy plugin enabled and at least one user with contributor role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.

🟠 Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies or redirect visitors to phishing sites, compromising user accounts and site integrity.

🟢 If Mitigated

With proper user role management and input validation, impact is limited to defacement or minor content manipulation by trusted users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with contributor privileges or higher. The vulnerability is in post content handling with insufficient server-side validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.42 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055256%40brizy&new=3055256%40brizy&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Brizy Page Builder and click 'Update Now'.
4. Verify the update to version 2.4.42 or higher.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the Brizy plugin until it is patched, to prevent exploitation:

wp plugin deactivate brizy

Restrict User Roles

all

Temporarily remove contributor roles or limit access to trusted users only

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to limit script execution
  • Use web application firewall (WAF) rules to block XSS payloads in post content

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Brizy Page Builder version. If version is 2.4.41 or lower, you are vulnerable.

Check Version:

wp plugin get brizy --field=version

Verify Fix Applied:

After updating, confirm Brizy plugin version is 2.4.42 or higher in WordPress admin panel.
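The two checks above (vulnerable if 2.4.41 or lower, fixed at 2.4.42 or higher) can be automated around the `wp plugin get brizy --field=version` command the advisory gives. The script below is an added example, not part of the advisory or of the Brizy project; it assumes WP-CLI is installed on the host being checked and compares dotted versions component by component, so that 2.4.9 is correctly treated as older than 2.4.41 (a plain string comparison would get that wrong).

```shell
#!/bin/sh
# Added example (not from the advisory): classify an installed Brizy version
# against the fixed release 2.4.42 stated in the advisory.

FIXED_VERSION="2.4.42"

# version_lt A B : exit 0 if dotted version A is older than B.
# Components are compared numerically, missing components count as 0,
# and trailing non-numeric suffixes (e.g. "41-beta") are ignored.
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then return 0; fi
        if [ "$ax" -gt "$bx" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# brizy_status VERSION : print "vulnerable" (<= 2.4.41) or "patched" (>= 2.4.42).
brizy_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# check_installed : query WP-CLI (the command given in the advisory) and classify
# the result. Exits non-zero if WP-CLI is missing or the plugin is not installed.
check_installed() {
    if ! command -v wp >/dev/null 2>&1; then
        echo "wp-cli not found; run: wp plugin get brizy --field=version" >&2
        return 3
    fi
    v="$(wp plugin get brizy --field=version 2>/dev/null)" || {
        echo "brizy not installed or wp-cli failed" >&2
        return 2
    }
    echo "Brizy $v: $(brizy_status "$v")"
}

# Usage: sh brizy_check.sh --installed      (query the local WordPress install)
#        sh brizy_check.sh 2.4.41           (classify a version string)
case "${1:-}" in
    "") ;;                      # no arguments: only define the functions
    --installed) check_installed ;;
    *) echo "Brizy $1: $(brizy_status "$1")" ;;
esac
```

Run it on the WordPress host as the web user (`sudo -u www-data sh brizy_check.sh --installed` on Debian-style layouts, path and user being assumptions) so WP-CLI can read the site's configuration.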

📡 Detection & Monitoring

Log Indicators:

  • Unusual post content modifications by contributor-level users
  • Script tags or JavaScript in post content from non-admin users

Network Indicators:

  • Unexpected script loads from Brizy-generated pages
  • Suspicious redirects from Brizy content

SIEM Query:

source="wordpress" AND (plugin="brizy" AND (event="post_modified" OR event="content_update") AND user_role="contributor")
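The SIEM query above is written in a generic pseudo-syntax. As an added example that is not part of the advisory, the script below applies the two log indicators from this section (script markers in content saved by non-admin users, and unusual edit volume by contributor-level users) to a handful of constructed audit-log lines. The log layout (timestamp, user, role, event, plugin, then `content=` with the saved markup) is an assumption standing in for whatever your audit-log plugin emits; adjust the awk field positions to match it.

```shell
#!/bin/sh
# Added example (not from the advisory): run the Detection section's two log
# indicators over constructed sample events. The field layout is assumed:
#   <timestamp> <user> <role> <event> <plugin> content=<saved markup>

# Constructed sample events, not real data. Only bob's two edits should be flagged:
# carol is an administrator, dave's edit is to a different plugin, alice's content
# carries no script markers.
SAMPLE_LOG='2024-03-01T10:00:00Z alice contributor post_modified brizy content=<p>Spring sale starts Monday</p>
2024-03-01T10:02:00Z alice contributor post_modified brizy content=<p>Updated opening hours</p>
2024-03-01T10:04:00Z carol administrator post_modified brizy content=<script src=/wp-content/themes/site/analytics.js></script>
2024-03-01T10:05:00Z bob contributor content_update brizy content=<div>Hello</div><SCRIPT>alert(1)</SCRIPT>
2024-03-01T10:06:00Z bob contributor post_modified brizy content=<a href="javascript:void(0)">click</a>
2024-03-01T10:07:00Z dave author post_modified elementor content=<script>alert(1)</script>'

# script_markers : read events on stdin; print "timestamp user role" for Brizy
# content edits by non-administrator roles whose saved markup contains a
# script tag or a javascript: URL. Matching is case-insensitive because
# <SCRIPT> and <script> are equivalent to the browser.
script_markers() {
    awk '
        $3 != "administrator" && $5 == "brizy" &&
        ($4 == "post_modified" || $4 == "content_update") {
            content = $0
            sub(/.*content=/, "", content)
            if (tolower(content) ~ /<script|javascript:/) print $1, $2, $3
        }'
}

# edit_volume THRESHOLD : read events on stdin; print "user count" for each
# contributor-role user with more than THRESHOLD Brizy edits in the window.
edit_volume() {
    awk -v t="$1" '
        $3 == "contributor" && $5 == "brizy" { n[$2]++ }
        END { for (u in n) if (n[u] > t) print u, n[u] }'
}

# Wrappers that feed the constructed sample, so the example runs offline.
# On a real host, replace the printf with e.g. tail -n 10000 of the audit log.
sample_script_markers() { printf '%s\n' "$SAMPLE_LOG" | script_markers; }
sample_edit_volume()    { printf '%s\n' "$SAMPLE_LOG" | edit_volume "$1"; }
```

Each flagged line points at a specific post revision to review; the volume check is a coarse signal meant to be tuned per site, since a legitimate contributor may publish many drafts in a day.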
