Which Brizy – Page Builder CVEs are tracked?

Brizy – Page Builder tracked CVEs include CVE-2024-10960, CVE-2024-3242, CVE-2024-1311, CVE-2021-38346, and CVE-2024-3667.

How many Brizy – Page Builder vulnerabilities have patch guidance?

31 of 31 tracked Brizy – Page Builder records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 31 known issues Latest disclosed May 01, 2026

Brizy – Page Builder Vulnerabilities

Review known vulnerability records for the WordPress plugin Brizy – Page Builder (`brizy`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-5324, CVE-2026-32408 and CVE-2025-0969, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

May 01, 2026

Priority CVE Quick Links

Fast paths into Brizy – Page Builder CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-10960 Critical 2.6.5

CVE-2024-10960 Brizy – Page Builder Remote Code Execution

Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads

CVE-2024-3242 High 2.4.45

CVE-2024-3242 Brizy – Page Builder Remote Code Execution

Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload

CVE-2024-1311 High 2.4.41

CVE-2024-1311 Brizy – Page Builder Remote Code Execution

Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload

CVE-2021-38346 High 2.3.12

CVE-2021-38346 Brizy – Page Builder File Upload

Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal

CVE-2024-3667 High 2.4.44

CVE-2024-3667 Brizy – Page Builder Stored Cross-Site Scripting

Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget Link To URL

CVE-2020-36714 High 1.0.126

CVE-2020-36714 Brizy – Page Builder Authorization Bypass

Brizy < 1.0.126 - Authorization Bypass to Settings Updates

CVE-2026-5324 High 2.8.12

CVE-2026-5324 Brizy – Page Builder Stored Cross-Site Scripting

Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

CVE-2024-2087 High 2.4.44

CVE-2024-2087 Brizy – Page Builder Stored Cross-Site Scripting

Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Brizy – Page Builder so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

31 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

1 critical and 10 high severity findings.

Recent CVEs

CVE-2026-5324, CVE-2026-32408 and CVE-2025-0969

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-5324 High Patch path listed

CVE-2026-5324: Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missin...

Published

May 01, 2026

Patch Status

2.8.12

Open CVE-2026-5324 Report

CVE-2026-32408 Medium Patch path listed

CVE-2026-32408: Brizy <= 2.7.23 - Missing Authorization

The Brizy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.7.23. This makes it possible for authe...

Published

Feb 22, 2026

Patch Status

2.7.24

Open CVE-2026-32408 Report

CVE-2025-0969 Medium Patch path listed

CVE-2025-0969: Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possibl...

Published

Dec 12, 2025

Patch Status

2.7.17

Open CVE-2025-0969 Report

Known Vulnerabilities

Reports for Brizy – Page Builder

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-5324

CVE-2026-5324: Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUp...

Published

May 01, 2026

Patched Release

2.8.12

Affected Versions

Versions up to 2.8.11

Next Step

Update to 2.8.12 or newer if supported.

Open CVE-2026-5324 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-32408

CVE-2026-32408: Brizy <= 2.7.23 - Missing Authorization

The Brizy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.7.23. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized ac...

Published

Feb 22, 2026

Patched Release

2.7.24

Affected Versions

Versions up to 2.7.23

Next Step

Update to 2.7.24 or newer if supported.

Open CVE-2026-32408 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-0969

CVE-2025-0969: Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensiti...

Published

Dec 12, 2025

Patched Release

2.7.17

Affected Versions

Versions up to 2.7.16

Next Step

Update to 2.7.17 or newer if supported.

Open CVE-2025-0969 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-58594

CVE-2025-58594: Brizy <= 2.7.12 - Missing Authorization

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.7.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform...

Published

Sep 03, 2025

Patched Release

2.7.13

Affected Versions

Versions up to 2.7.12

Next Step

Update to 2.7.13 or newer if supported.

Open CVE-2025-58594 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-4370

CVE-2025-4370: Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible...

Published

Jul 28, 2025

Patched Release

2.6.21

Affected Versions

Versions up to 2.6.20

Next Step

Update to 2.6.21 or newer if supported.

Open CVE-2025-4370 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-32198

CVE-2025-32198: Brizy <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Brizy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a...

Published

Apr 04, 2025

Patched Release

2.7.8

Affected Versions

Versions up to 2.7.7

Next Step

Update to 2.7.8 or newer if supported.

Open CVE-2025-32198 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10322

CVE-2024-10322: Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

Published

Feb 12, 2025

Patched Release

2.6.9

Affected Versions

Versions up to 2.6.8

Next Step

Update to 2.6.9 or newer if supported.

Open CVE-2024-10322 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-10960

CVE-2024-10960: Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access...

Published

Feb 11, 2025

Patched Release

2.6.5

Affected Versions

Versions up to 2.6.4

Next Step

Update to 2.6.5 or newer if supported.

Open CVE-2024-10960 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-6254

CVE-2024-6254: Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery

The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms in...

Published

Aug 07, 2024

Patched Release

2.5.2

Affected Versions

Versions up to 2.5.1

Next Step

Update to 2.5.2 or newer if supported.

Open CVE-2024-6254 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-3242

CVE-2024-3242: Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attack...

Published

Jul 17, 2024

Patched Release

2.4.45

Affected Versions

Versions up to 2.4.44

Next Step

Update to 2.4.45 or newer if supported.

Open CVE-2024-3242 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-1937

CVE-2024-1937: Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor acce...

Published

Jul 15, 2024

Patched Release

2.4.45

Affected Versions

Versions up to 2.4.44

Next Step

Update to 2.4.45 or newer if supported.

Open CVE-2024-1937 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1164

CVE-2024-1164: Brizy – Page Builder <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied...

Published

Jun 04, 2024

Patched Release

2.4.44

Affected Versions

Versions up to 2.4.43

Next Step

Update to 2.4.44 or newer if supported.

Open CVE-2024-1164 Report Open CVE Reference