The Wordfence Threat Intelligence team initiated the Responsible Disclosure process for Brizy – Page Builder, a WordPress plugin installed on over 90,000 sites.
During a routine review of their firewall rules, they found traffic indicating that a vulnerability might be present in the Brizy – Page Builder plugin, though it did not appear to be under active attack. This led them to discover two new vulnerabilities as well as a previously patched access control vulnerability in the plugin that had been reintroduced.
Both new vulnerabilities could take advantage of the access control vulnerability to allow complete site takeover, including a combination that allowed any logged-in user to modify any published post and add malicious JavaScript to it, as well as a separate flaw that allowed any logged-in user to upload potentially executable files and achieve remote code execution.
A patched version of the Brizy – Page Builder plugin, 2.3.12, was released on August 24, 2021. As per the WordFence responsible disclosure policy, they are now disclosing the vulnerability details as the plugin has been fully patched for some time.
All Wordfence users, including Wordfence Premium users as well as those using the free version, are protected by a combination of built-in firewall rules and an existing firewall rule released in June of 2020, which covered a similar vulnerability in a previous version of Brizy – Page Builder.
The original vulnerability was patched in version 1.0.126, but an almost identical vulnerability was reintroduced in version 1.0.127.
We strongly recommend updating to the latest version available, 2.3.17, as soon as possible, especially if you are not running Wordfence.
Source: https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/
See also: https://threatpost.com/brizy-wordpress-plugin-exploit-site-takeovers/175463/