Brizy 1.0.127 – 2.3.11 – Incorrect Authorization to Post Modification | CVE 2021-38345 | Plugin Vulnerabilities

Description

The Brizy - Page Builder plugin used the Brizy_Editor::is_administrator and Brizy_Editor_User:is_administrator functions for a wide variety of authorization checks, and any user that passed one of these checks was assumed to be an administrator, effectively bypassing almost all of the other capability checks used in the plugin. Unfortunately, due to a logic flaw, being logged in and accessing any endpoint in the wp-admin directory was sufficient to pass this check due to the use of the is_admin() function for authorization checking.

This is identical to https://wpscan.com/vulnerability/03b9c219-6cbc-4735-8bea-041a27212c31 patched in 1.0.126 and was reintroduced in version 1.0.127

Affects Plugins

Fixed in 2.3.12

References

CVE

URL

https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter

Verified

Yes

WPVDB ID

28183974-bb74-46dd-9cbb-49722def7cb0

Timeline

Publicly Published

2021-10-13 (about 4 years ago)

Added

2021-10-13 (about 4 years ago)

Last Updated

2022-04-08 (about 4 years ago)

Other

Published

Title

Published

2021-04-20

Title

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion

Published

2024-02-28

Title

Download Manager < 3.2.85 - Unauthenticated File Download

Published

2024-04-26

Title

Analytify < 5.2.4 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification

Published

2024-04-29

Title

Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API

Published

2021-06-18

Title

404 to 301 < 3.0.8 - Broken Access Control