CVE-2022-2041

CVE-2022-2041: Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

Vendor Unknown

Product Brizy – Page Builder

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2041

Related vulnerabilities

04Related CVE

CVE-2024-28983 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2026-5539 code-projects Simple Laundry System Parameter modifymember.php cross site scripting CVE-2026-1373 Easy Author Image <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL CVE-2025-24704 WordPress Magic the Gathering Card Tooltips plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-22750 WordPress Post Carousel & Slider plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability