Vulnerability Database

300,991

Total vulnerabilities in the database

CVE-2024-1311

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Published: Mar 13, 2024
Updated: Mar 14, 2024
CVE: CVE-2024-1311
Exploit:

No technical information available.

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
brizy / brizy	-	2.4.41

https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L254
https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/zip/archiver.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo