Inquiry Regarding Brizy Pro Version 2.6.8 and Reflected XSS Vulnerability

Comments

5 comments

  • Ariel H.

    Hi Nicolas,

    Thank you for reaching out.

    I appreciate you bringing this to our attention. Could you share more details on where you found this security alert regarding the Reflected Cross-Site Scripting (XSS) vulnerability? For example, did you receive it from a security plugin, a vulnerability database, or another source?

    Regarding your concern, Brizy Pro is continuously updated with security improvements, and we recommend always using the latest version to ensure the best protection. Once we have more details, I’d be happy to provide further clarification on this specific issue.

    Looking forward to your response.

    Best regards,
    Ariel H.

    0
  • Nicolas Herrero

    Hello Ariel,

    Thank you for your prompt response.

    I discovered the security alert regarding the Reflected Cross-Site Scripting (XSS) vulnerability in the "Site Health" section of WordPress. I am currently using the latest version of WordPress (6.7.2) and am very pleased with the capabilities offered by the Brizy builder.

    However, when I view the details of the Brizy Pro plugin in the "Installed Plugins" section, a warning indicates that the plugin has not been tested with my current version of WordPress. This concerns me, as I want to ensure that my site remains secure and compatible.

    Could you provide information on how to resolve this warning? Are there specific steps I should follow to ensure the compatibility and security of Brizy Pro with WordPress 6.7.2?

    Thank you in advance for your assistance.

    Best regards,

    Nicolas

    0
  • Josh Tew

    I am facing the same issue, reported by WP Toolkit, and I can't even edit any posts or pages created by Brizy. It happened after I updated the Brizy Pro version 2.6.8. Kindly fix this issue immediately. Thanks!

    0
  • KC George

    Hello Nicolas,

    The Cross-Site Scripting vulnerability with Brizy Pro 2.6.1 and earlier was discovered by Rafie Muhammad of Patchstack in December 2024, and his report was published on January 14, 2025. You can find it at https://patchstack.com/database/report-preview/e7351c24-61f7-48b3-b0dd-2b6fd6b41c05

    In January 2025, we patched this vulnerability in the first half, and a new version containing the fix was released in the second half.  We haven't sent Patchstack the patched Brizy Pro version though, so they can verify that the vulnerability has been resolved.  Therefore, information regarding the vulnerability fix may not be available in the Patchstack database.  We confirm that the most recent Brizy versions contain a patch for the aforementioned vulnerability and are safe and secure, even though security systems that rely on the Patchstack vulnerability database might not have information about its fix. No action is required to ensure compatibility and security of Brizy Pro with WordPress 6.7.2.

    The "This plugin hasn’t been tested with the latest version of WordPress" notification that appears in your WordPress dashboard means that the plugin author hasn't updated the README file with the most recent version of WordPress. This does not imply that the plugin is incompatible with the latest WordPress version. Even after testing their plugins to ensure they work well with every new WordPress release, plugin authors occasionally fail to update their readme files. You can read more on this topic at https://www.wpbeginner.com/opinion/should-you-install-plugins-not-tested-with-your-wordpress-version/

    0
  • KC George

    Hello Josh,

    WP Toolkit relies on Patchstack and Wordfence for their vulnerability reporting and hence will show a warning as the Patchstack database has not been updated. Kindly ignore this warning.

    Your inability to edit Brizy posts and pages could be unrelated to the above security warning. Do you see any error message when trying to edit your pages/posts? If you see the error "This page needs a refresh. You've probably updated the page in a different tab or browser", kindly follow the instructions at https://support.brizy.io/hc/en-us/articles/22590197512210 to fix this issue. If this does not help, please get back to us. We will take a look at your WordPress Dashboard to fix this issue.

    0