CVE-2024-1311 in Brizy Page Builder Plugin
Summary
by MITRE • 03/13/2024
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/12/2026
The vulnerability identified as CVE-2024-1311 affects the Brizy – Page Builder plugin for WordPress, representing a critical security flaw that undermines the integrity of affected web applications. This vulnerability exists within the storeImages function of the plugin, which fails to implement proper file type validation mechanisms. The flaw specifically impacts all versions of the plugin up to and including version 2.4.40, creating a persistent risk for WordPress installations that utilize this page builder functionality. The vulnerability's severity is amplified by its accessibility to authenticated attackers who possess contributor-level privileges or higher, significantly expanding the potential threat surface within WordPress environments.
The technical exploitation of this vulnerability stems from the absence of robust input validation within the storeImages function, which processes file uploads submitted through the Brizy interface. Attackers can leverage this weakness to bypass normal file upload restrictions and potentially execute malicious code on the target server. The lack of file type validation means that the plugin does not properly verify the MIME types or file extensions of uploaded content, allowing attackers to submit files with potentially dangerous extensions such as .php, .jsp, or other server-side script formats. This flaw aligns with CWE-434, which addresses the improper restriction of file uploads, and represents a classic example of insecure file handling practices in web applications. The vulnerability creates a direct pathway for attackers to establish persistent access points on compromised systems.
The operational impact of CVE-2024-1311 extends beyond simple unauthorized file uploads, as it can lead to complete system compromise through remote code execution capabilities. Once an attacker successfully uploads malicious files, they can potentially execute arbitrary code on the web server, allowing for data exfiltration, system enumeration, and further lateral movement within the network. This vulnerability particularly affects WordPress environments where the Brizy plugin is installed and actively used, making it a significant concern for content management systems that rely on third-party page builders. The threat is compounded by the fact that contributor-level access is sufficient to exploit this vulnerability, meaning that users with relatively low privilege levels can potentially gain elevated system access. The attack vector falls under ATT&CK technique T1505.003 for Server Software Component, specifically targeting the exploitation of web application vulnerabilities for code execution.
Organizations affected by this vulnerability should implement immediate mitigations to protect their WordPress installations from potential exploitation. The most effective immediate solution involves updating the Brizy plugin to the latest available version, which should contain patches addressing the file validation issues. System administrators should also implement additional security measures such as restricting file upload capabilities within WordPress, implementing more restrictive file permissions on upload directories, and deploying web application firewalls that can detect and block suspicious file upload attempts. Regular security audits and vulnerability assessments should be conducted to identify other potential weaknesses in the WordPress ecosystem, particularly focusing on third-party plugins that may not implement proper security controls. The vulnerability serves as a reminder of the critical importance of maintaining up-to-date software components and implementing defense-in-depth strategies to protect against exploitation attempts targeting web application frameworks.