Brizy - Page Builder < 1.0.126 - Improper Access Controls on AJAX Calls



Description
The plugin does not properly check for access controls on AJAX calls, resulting in authenticated user with low privileges being able to gain access to the editor functions.

Affects Plugin

fixed in version 1.0.126

References

URL https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 1057
Verified No
WPVDB ID 10261

Timeline

Publicly Published 2020-06-10 (29 days ago)
Added 2020-06-10 (29 days ago)
Last Updated 2020-06-11 (28 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin