
WordPress plugin exploit puts over 90,000 sites at risk

Security firm Wordfence recommends users of the Brizy Page Builder plugin upgrade to the latest version immediately


Researchers have unearthed a series of vulnerabilities that could have compromised thousands of WordPress websites.

Potentially exploitable bugs were found in the Brizy Page Builder, a WordPress plugin that is installed across more than 90,000 websites, according to security firm Wordfence.

The company's Threat Intelligence team reported the issues in August and a fix was released shortly afterwards, but it's likely that a number of installations remain unpatched. If exploited, the flaws could allow attackers to carry out a "complete site takeover" and add malicious code to existing posts.

The vulnerabilities could also allow any registered user, including subscribers, to pass as an administrator and modify posts and pages, even if they had already been published on a site.

Wordfence's Threat Intelligence team said it stumbled upon the vulnerability while conducting a routine review of the Wordfence firewall in July. It said the plugin "did not appear" to be under active attack, but "unusual traffic" led the team to believe that something was amiss.

"The unusual traffic led us to discover two new vulnerabilities as well as a previously patched access control vulnerability in the plugin that had been reintroduced," Wordfence wrote in a blog post. "Both new vulnerabilities could take advantage of the access control vulnerability to allow complete site takeover."

A patched version of the Brizy Page Builder plugin was released on 24 August, just a few days after Wordfence disclosed the vulnerability. Wordfence "strongly recommends" users update to the latest version of the Brizy Page Builder (2.3.17) as soon as possible.
