CVE-2024-3242 – The Brizy Page Builder WordPress plugin allows ... (How to Fix)

Q: What is the severity of CVE-2024-3242?

CVE-2024-3242 has a CVSS score of 8.8 (HIGH). The Brizy Page Builder WordPress plugin allows authenticated attackers with contributor-level access or higher to upload arbitrary files due to insufficient file extension validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 2.4.43 are vulnerable.

📋 TL;DR

The Brizy Page Builder WordPress plugin allows authenticated attackers with contributor-level access or higher to upload arbitrary files due to insufficient file extension validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 2.4.43 are vulnerable.

💻 Affected Systems

Products:

Brizy - Page Builder WordPress plugin

Versions: All versions up to and including 2.4.43

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user with contributor role or higher; WordPress multisite installations may be affected differently.

📦 What is this software?

Brizy by Brizy

View all CVEs affecting Brizy →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete server compromise, data theft, malware deployment, or site defacement.

🟠

Likely Case

Unauthorized file upload leading to webshell installation and limited server access.

🟢

If Mitigated

File upload attempts blocked with proper validation; no impact beyond failed upload attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires contributor-level WordPress credentials; public proof-of-concept code exists in vulnerability reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.45

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Brizy Page Builder. 4. Click 'Update Now' if update available. 5. If manual update needed, download version 2.4.45+ from WordPress.org and replace plugin files.

🔧 Temporary Workarounds

Temporary file upload restriction

linux

Restrict file uploads via .htaccess or web server configuration

# Add to .htaccess:
<FilesMatch "\.(php|sh|pl|py|cgi|exe)$">
  Order Deny,Allow
  Deny from all
</FilesMatch>

Disable plugin temporarily

all

Deactivate Brizy plugin until patched

wp plugin deactivate brizy

🧯 If You Can't Patch

Remove contributor role from untrusted users and restrict user registration
Implement web application firewall rules to block suspicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Brizy Page Builder version number

Check Version:

wp plugin get brizy --field=version

Verify Fix Applied:

Confirm plugin version is 2.4.45 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to /wp-content/uploads/brizy/, especially .php or .sh files
POST requests to /wp-admin/admin-ajax.php with action=storeImages

Network Indicators:

HTTP POST requests with multipart/form-data containing executable file types
Unusual outbound connections from WordPress server after file upload

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND action="storeImages")

📊 Metadata

CVE ID: CVE-2024-3242

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: July 18, 2024

Last Updated: January 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-3242, you might also want to check these: