CVE-2025-4370 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well…
Medium CVSS: 5.3

CVE-2025-4370

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Vendor
Brizy
Product
Brizy
CWE
CWE-862
Yayın Tarihi
2025-07-29 05:15:31
Güncelleme
2025-08-11 19:04:09
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 Brizy MEDIUM Brizy 2025

Referanslar

https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/media-processor.php#L27 https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/static-file-trait.php#L44 https://www.wordfence.com/threat-intel/vulnerabilities/id/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve