SecuriTricks - CVE-2024-3242

Description

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue.

Product(s) Impacted

Product	Versions
Brizy - Page Builder plugin for WordPress	['up to 2.4.43']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L264

https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L547

https://plugins.trac.wordpress.org/changeset/3086506/brizy/trunk/editor/zip/archiver.php

https://plugins.trac.wordpress.org/changeset/3112878/brizy/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk

https://www.wordfence.com/threat-intel/vulnerabilities/id/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve

CVSS Score

8.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: July 18, 2024, 9:15 a.m.
Last Modified: July 18, 2024, 12:28 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@wordfence.com

CVE-2024-3242