CVE-2022-2040

CVE-2022-2040: Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

Vendor Unknown

Product Brizy – Page Builder

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2040

Related vulnerabilities

04Related CVE

CVE-2025-62613 VDO.Ninja Reflected XSS Vulnerability in control.html CVE-2023-30435 IBM Security Guardium cross-site scripting CVE-2022-0542 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot CVE-2023-51415 WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-22780 WordPress wp-pano Plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability