vulnerability
WordPress Plugin: brizy: CVE-2021-38346: Unrestricted Upload of File with Dangerous Type
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Oct 13, 2021 | May 15, 2025 | May 4, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Oct 13, 2021
Added
May 15, 2025
Modified
May 4, 2026
Description
The Brizy Page Builder plugin less than or equal to 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.
Solution
brizy-plugin-cve-2021-38346
References
- https://www.cve.org/CVERecord?id=CVE-2021-38346
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd56e59b-3879-4ab6-ae9a-7a301ee6aa20?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-24799
- CVE-2021-38346
- https://attackerkb.com/topics/CVE-2021-38346
- CWE-79
- CWE-22
- CWE-434
- EUVD-EUVD-2021-24799
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.