Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers. Brizy (or Brizy – Page Builder) has been installed on more than 90,000 sites. It’s billed as an intuitive website builder for those without technical skills. It comes with a collection of more than 500 pre-designed blocks, maps and video integration and drag-and-drop design functionality. According to researchers, it also came with a stored cross-site scripting (XSS) issue and an arbitrary file-upload vulnerability prior to version 2.3.17. These two bugs, when combined with another flaw that allows authorization bypass and privilege escalation, can become dangerous, Wordfence researchers cautioned. “During a routine review of our firewall rules, we found traffic indicating that a vulnerability might be present in the Brizy – Page Builder plugin, though it did not appear to be under active attack,” researchers at Wordfence explained in a Wednesday posting. “This led us to discover two new vulnerabilities as well as a previously patched access-control vulnerability in the plugin that had been reintroduced.” The two fresh bugs can both be chained with the re-introduced access control vulnerability to allow complete site takeover, researchers explained. In a combo with the stored XSS bug, any logged-in user would be able to modify any published post and inject malicious JavaScript to it. A pairing with the…