Brizy Page Builder < 2.4.2 – Contributor+ Stored Cross-Site Scripting via Element URL | CVE 2022-2040 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the "Link to" setting: ";</script><script>alert("XSS")</script>

The XSS will be triggered when viewing/previewing the post (for example when an admin reviews it)

Affects Plugins

Fixed in 2.4.2

References

CVE

URL

https://www.fortiguard.com/zeroday/FG-VD-21-111

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vishnupriya ilango

Submitter

Vishnupriya ilango

Submitter website

https://www.fortiguard.com/zeroday

Verified

Yes

WPVDB ID

ab53a70c-57d5-400f-b11f-b1b7b2b0cf01

Timeline

Publicly Published

2022-06-21 (about 3 years ago)

Added

2022-06-21 (about 3 years ago)

Last Updated

2023-03-27 (about 2 years ago)

Other

Published

Title

Published

2025-01-07

Title

Live Flight Radar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2015-12-22

Title

Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2025-04-04

Title

LA-Studio Element Kit for Elementor < 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-11-19

Title

Wc Recently viewed products <= 1.0.1 - Reflected Cross-Site Scripting

Published

2024-05-17

Title

Contact Form Plugin by Fluent Forms < 5.1.14 - Subscriber+ Stored XSS