CVE-2025-0969
Sensitive Information Exposure in Brizy Page Builder Plugin
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brizy | page_builder | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows authenticated attackers with Contributor-level access and above to extract sensitive data including email addresses and hashed passwords of administrators. Exposure of such sensitive personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require protection of personal and sensitive information. Therefore, exploitation of this vulnerability could result in violations of these standards due to unauthorized disclosure of protected data.
Can you explain this vulnerability to me?
The Brizy β Page Builder plugin for WordPress has a vulnerability in all versions up to 2.7.16 where authenticated users with Contributor-level access or higher can exploit the get_users() function to extract sensitive information such as email addresses and hashed passwords of administrators.
How can this vulnerability impact me? :
This vulnerability can lead to exposure of sensitive administrator data including email addresses and hashed passwords, potentially allowing attackers to compromise administrator accounts or use the information for further attacks.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Brizy β Page Builder plugin for WordPress to version 2.7.17 or later, as this version includes comprehensive fixes addressing CVE-2025-0969. This update replaces vulnerable code and improves security to prevent sensitive information exposure via the get_users() function. [2]