Brizy WordPress plugin security
Hello
This week the Brizy WordPress plugin (amongst many others) was mentioned in the media (https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/) in the context of a malware toolkit:
"An updated version of the payload that Dr. Web observed in the wild also targets the following WordPress add-ons:
- Brizy WordPress Plugin
...
"
Can you offer any information with regards to which versions of the plug-in are affected?
The article in itself is quite useless on that front, because it does not give details about versions of any plugins.
-
Hi Martti,
It is challenging to determine which particular Brizy version was vulnerable and which versions are not. Let me explain why.
All through the year, we get alerts regarding vulnerabilities. For instance, we have gotten five of these notices in the year 2022. We release a fix each time we get a notification about a potential vulnerability. Consequently, throughout the course of the year, the plugin progressively gets more and more secure.
The older the plugin version, the more susceptible it is to known attacks. The plugin would be less vulnerable to known exploits in the more recent versions. Every version is equally susceptible to upcoming threats.
-
Yes, there are "known knowns", "known unknowns" and "unknown unknowns" in the security space. All we can do is assume that all vulnerabilities Brizy is aware of are fixed in the latest version within a reasonable time period. I hope we can hold you (Brizy) accountable for that assumption :)
-
Hi Martti,
I can vouch for the fact that as soon as we become aware of a vulnerability, we begin working on a fix, which is then made available in the upcoming update.