The Brizy – Page Builder plugin is a popular and widely-used visual page builder for WordPress websites. However, a stored Cross-Site Scripting (XSS) vulnerability has been discovered in all versions up to and including 2.6.8. The vulnerability, CVE-2024-10322, stems from insufficient input sanitization and output escaping in the plugin's REST API SVG file uploads. Attackers can exploit this vulnerability to inject arbitrary web scripts into pages that execute whenever a user accesses the malicious SVG file, potentially leading to unauthorized access, data breaches, and other harmful consequences.
Vulnerability Details
To exploit this vulnerability, an attacker must be an authenticated user with at least Author-level access to the WordPress installation where the Brizy – Page Builder plugin is installed. Once the attacker has this level of access, they can upload a specially crafted SVG file containing malicious web scripts to the page builder via the plugin's REST API.
When successful, the malicious code will execute whenever the SVG file is accessed by a user, leading to potential security issues on the affected website.
Here's a demonstration of how a malicious SVG file could be created:
<svg onload="alert(1)" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50">
<path d="..."/>
</svg>
In this example, the SVG file carries a simple JavaScript alert(1) call in its onload attribute, which executes when the SVG file is loaded. Attackers, however, could inject more harmful and complex scripts.
Exploiting this vulnerability requires the following steps:
1. Register a user on the targeted WordPress site, or compromise an existing account with at least Author-level access.
2. Use the Brizy – Page Builder plugin's REST API to upload the malicious SVG file containing the desired web script.
3. Insert the malicious SVG file into a page created using the Brizy – Page Builder plugin.
4. Wait for users to access the page containing the malicious SVG file and execute the injected web script.
Mitigation
The Brizy – Page Builder plugin's developers have released version 2.6.9, which fixes the vulnerability by implementing proper input sanitization and output escaping for SVG uploads. All users are strongly encouraged to update their plugin to the latest version.
Additionally, website administrators should regularly review and monitor user registrations and activity to identify suspicious behavior and promptly address any unauthorized access or potential compromises.
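As an added example (not code from the plugin or from the original advisory), the following Python audit flags SVG files that carry active content, which helps when reviewing SVG files already present in a site's uploads directory. The function names, the deny-lists and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed deny-lists for this example; a production sanitizer should allow-list instead.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
RAW_PATTERN = re.compile(rb"<\s*script|\bon[a-z]+\s*=|javascript\s*:", re.I)
DTD_PATTERN = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.I)

def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an SVG is unsafe to serve; an empty list means none found."""
    if DTD_PATTERN.search(data):
        return ["DTD or entity declaration"]  # refuse before parsing (entity expansion)
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Lenient HTML parsers may still run markup that strict XML rejects.
        hits = sorted({m.group(0).decode("ascii").lower() for m in RAW_PATTERN.finditer(data)})
        return ["not well-formed XML"] + [f"raw match: {h}" for h in hits]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            target = re.sub(r"\s+", "", value).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in URL_ATTRS and target.startswith(("javascript:", "data:text/html")):
                findings.append(f"script URL in {attr} on <{tag}>")
    return findings

def scan_uploads(root: str) -> dict[str, list[str]]:
    """Walk a directory (e.g. wp-content/uploads) and report every flagged .svg file."""
    return {str(p): f for p in sorted(Path(root).rglob("*.svg")) if (f := svg_findings(p.read_bytes()))}

# Constructed samples: the page's payload shape, a harmless icon, and a malformed variant.
SAMPLE_BAD = b'<svg onload="alert(1)" xmlns="http://www.w3.org/2000/svg"><path d="M0 0"/></svg>'
SAMPLE_OK = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><path d="M0 0h50"/></svg>'
SAMPLE_MALFORMED = b'<svg onload=alert(1) xmlns="http://www.w3.org/2000/svg"></svg>'

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_OK, SAMPLE_MALFORMED):
        print(svg_findings(sample))
```

Files that fail strict XML parsing are reported rather than skipped, because an SVG inlined into an HTML page is handled by a more forgiving parser than one loaded as a standalone image.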
Conclusion
The stored XSS vulnerability in the Brizy – Page Builder WordPress plugin poses a significant risk to website security and user data. By ensuring that the plugin is up-to-date and monitoring user activity, website administrators can reduce the risk of successful attacks and maintain the safety and integrity of their websites.
Timeline
Published on: 02/12/2025 13:15:07 UTC
Last modified on: 02/20/2025 20:40:34 UTC