cvedb.io
CVE-2021-38346
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2021-10-14T16:15:09.317 · Last modified 2026-06-17T04:01:55.120

Summary

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.

Affected products

brizy — brizy-page_builder

Does this affect you?

Add your gear to cvedb and we'll alert you only when brizy ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.