Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers (Security News, October 2021)
Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers.
The two fresh bugs can both be chained with the re-introduced access control vulnerability to allow complete site takeover, researchers explained.
The second new bug is a high-severity arbitrary file-upload issue that could allow authenticated users to upload files to a site.
The developers didn't issue a patch, and WordPress removed the plugin from the WordPress plugin repository on Feb. 1.
In January, researchers warned of yet another authenticated XSS vulnerability, this one in a WordPress plugin called Orbit Fox, which has 40,000 installs. That flaw could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.