Wordfence says Brizy has critical vulnerability
Wordfence says:
Critical Problems:
* The Plugin "Brizy" has a security vulnerability.
Vulnerability Severity: 6.4/10.0 (Medium) Vulnerability Information
https://wordpress.org/plugins/brizy/#developers
site: https://tomcoughlin.com
Hi Jeff,
Thank you for contacting us. We have received a similar report regarding the Cross Site Scripting (XSS) vulnerability in version 2.6.14, and our developers are already aware of the issue.
Best regards,
Ariel H.
This message is being shown in all of the sites I have which use WordFence.
Is this being taken seriously?
How long will it take for this to be fixed?
Hello Gordon,
PatchStack first published the vulnerability report that WordFence had quoted. https://patchstack.com/database/wordpress/plugin/brizy/vulnerability/wordpress-brizy-plugin-2-6-14-cross-site-scripting-xss-vulnerability is the URL of the original report.
They have assigned "Low Priority" for this vulnerability. Kindly see the PatchStack priority definitions at https://patchstack.com/articles/patchstack-introducing-patchstack-priority/
- High Priority vulnerabilities are expected to become actively exploited or already known to be actively exploited. From the time we discover a high priority vulnerability, we usually fix it within 24 hours.
- Medium Priority vulnerabilities could be exploited in more targeted attacks and are not yet publicly known to be exploited. These are often fixed in a few days to a week.
- Low Priority vulnerabilities are not expected to become exploited or not known to be exploited. These are fixed in one to four weeks.
The issue has been escalated to our developers and we are currently working on it. We hope to release a fix within 1-4 weeks.
I understand that patchstack has given this a low priority, but this leaves all of my domains unable to be updated, show images, load updates, etc. I purchased the lifetime unlimited brizy package when the brizy editor was barely better than a wysiwyg drop and play junk editor. I thought if I could get in and help develop this out and help shape the makings of a great editor through comments and support we could do something great. Now I am at the mercy of some third party, and the only thing I can do is buy some security patch that they can't tell me the cost of until I sign up for a subscription to their service, or wait 1-4 more weeks until someone works out a patch. Meanwhile, my nonprofit is missing grant and donation opportunities because our websites are incomplete, because these issues showed up in the middle of a major cosmetic update. This is not low priority for me.
Hello John,
A vulnerability is a weakness or a flaw in software that can be exploited by an attacker to compromise its security. The Patchstack report highlights a weakness in Brizy that could possibly be exploited by a hacker. It serves as a warning to prevent a possible attack in the future.
You've said that "this leaves all of my domains unable to be updated, show images, load updates, etc." The Patchstack vulnerability report may not have anything to do with the inability to update, display the image, or update the plugin. It's possible that these two have nothing in common. We would like to take a look at your WordPress Dashboard to help you fix the three issues you have mentioned.
Please add a new user to your WordPress Dashboard and send the following details to our email: communitysupport@brizy.io
- Support Forum link: https://support.brizy.io/hc/en-us/community/posts/25956258027154
- WordPress Admin URL:
- Username
- Password
Please let us know in this forum when you send us the email.