CVE-2025-4370: CWE-862 Missing Authorization in themefusecom Brizy – Page Builder
The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
AI Analysis
Technical Summary
CVE-2025-4370 is a medium-severity vulnerability in the Brizy – Page Builder plugin for WordPress, developed by themefusecom. Two defects combine: the process_external_asset_urls function performs no authorization check, and the store_file function does not validate the destination path. Both are present in all versions up to and including 2.6.20. As a result, an unauthenticated attacker can cause the plugin to write limited file types, notably .TXT files, to the affected site's server.

The missing authorization means no credentials or privileges are needed to reach the upload path, and the missing path validation means the attacker can influence where the file is stored rather than being confined to the plugin's upload directory. The CVSS 3.1 score of 5.3 is consistent with a network-reachable, unauthenticated vector whose only direct impact is to integrity: the attacker can place files on the server but cannot read data or disrupt service through this bug alone. No exploitation in the wild had been reported at the time of this analysis. The weakness is classified as CWE-862 (Missing Authorization), a failure to restrict access to a sensitive function.

The advisory bounds the affected range at 2.6.20, but this page carries no patch link, so administrators should confirm the fixed release in the vendor's changelog rather than assume a particular version. Because the upload path requires no authentication and the write location is attacker-influenced, organizations running Brizy – Page Builder should treat this as a significant risk even though a .TXT payload is not directly executable.
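The two defects named above, a missing authorization gate and an unvalidated destination path, are easiest to see side by side. The following is an added illustration, not code from the Brizy plugin or from the advisory: the upload base, the extension allow-list, the capability name and the function and handler names are all assumed for the example. The vulnerable join shows how an attacker-supplied name escapes the base; the hardened path reduces the name to its final component, enforces an allow-list, then confirms containment on the resolved path; and the handler refuses any request that lacks the capability before it touches the path at all.

```python
import os
from typing import Optional, Tuple

# Assumed example values: the upload base, allow-list and capability name below are
# illustrative choices for this example, not taken from the Brizy plugin.
UPLOAD_BASE = "/var/www/html/wp-content/uploads/brizy"
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}
REQUIRED_CAPABILITY = "upload_files"


def vulnerable_store_path(base: str, requested_name: str) -> str:
    """The pattern the advisory describes: the requested name is joined to the base
    with no validation. os.path.join discards base entirely when requested_name is
    absolute, and '..' segments are kept, so the caller decides where the file lands."""
    return os.path.join(base, requested_name)


def is_contained(base: str, path: str) -> bool:
    """True if the resolved path sits under the resolved base."""
    base_real = os.path.realpath(base)
    return os.path.commonpath([base_real, os.path.realpath(path)]) == base_real


def hardened_store_path(base: str, requested_name: str, allowed=ALLOWED_EXTENSIONS) -> str:
    """Return a destination path guaranteed to sit directly under base, or raise ValueError."""
    if "\x00" in requested_name:
        raise ValueError("null byte in filename")
    # Keep only the final path component; this drops directories and '..' segments.
    name = os.path.basename(requested_name.replace("\\", "/"))
    if not name or name.startswith("."):
        raise ValueError("empty or hidden filename")
    ext = os.path.splitext(name)[1].lower()
    if ext not in allowed:
        raise ValueError(f"extension {ext!r} not allowed")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    # Belt and braces: even after basename(), confirm containment on the resolved path
    # so a symlink or a future code change cannot quietly reintroduce an escape.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("destination escapes upload base")
    return candidate


def handle_external_asset(user_caps: Optional[set], requested_name: str,
                          base: str = UPLOAD_BASE) -> Tuple[int, str]:
    """Illustrative handler with the two checks the advisory says are missing:
    an authorization gate first, then path validation before any write.
    Returns an HTTP-style status and either a reason or the accepted destination."""
    if user_caps is None:
        return 401, "authentication required"
    if REQUIRED_CAPABILITY not in user_caps:
        return 403, f"missing capability {REQUIRED_CAPABILITY}"
    try:
        dest = hardened_store_path(base, requested_name)
    except ValueError as exc:
        return 400, str(exc)
    # A real handler would fetch and write the asset here; this example only returns the path.
    return 200, dest


if __name__ == "__main__":
    print("vulnerable:", vulnerable_store_path(UPLOAD_BASE, "../../../tmp/x.txt"))
    print("anonymous :", handle_external_asset(None, "logo.png"))
    print("editor    :", handle_external_asset({"upload_files"}, "../../wp-config.php"))
    print("editor    :", handle_external_asset({"upload_files"}, "logo.png"))
```

The order of the checks matters: authorization is evaluated before the filename is even parsed, so an anonymous request never exercises the path logic, and the containment check on the resolved path is what still holds if basename() is later bypassed or removed.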
Potential Impact
For European organizations, the exposure is any public WordPress site running the Brizy – Page Builder plugin. An unauthenticated attacker can place files on such a site, which can support defacement, the hosting of attacker-controlled text on a trusted domain for phishing or other social engineering, or a chained attack if the dropped file is later read, included or served by another component. A .TXT file is normally served as plain text and does not execute, so the direct risk of remote code execution is low, but the missing path validation means the write location must be treated as attacker-influenced rather than confined to the uploads directory. Confidentiality and availability are not directly affected; the damage is to the integrity and trustworthiness of the site, which can harm brand reputation, invite regulatory scrutiny under GDPR where user trust is undermined, and create legal liability. WordPress is widely used in Europe, particularly by SMEs and digital agencies, so e-commerce, media and public-sector sites with a large online presence are plausible targets, and the absence of any authentication requirement makes opportunistic, automated exploitation more likely.
Mitigation Recommendations
European organizations should first inventory their WordPress installations for the Brizy – Page Builder plugin and record the version in use; anything at or below 2.6.20 is affected. Upgrade to a release the vendor's changelog confirms as fixed; until that is done, disable or remove the plugin to close the attack path. As interim protection, a web application firewall can be given a rule that rejects unauthenticated requests to the plugin's upload endpoints, and the web server can be configured so that the uploads directory (wp-content/uploads by default) never executes scripts. Detection should focus on the file system as well as the request: watch the uploads tree for newly created or modified .TXT files, and for any file appearing outside the directories the plugin is expected to write, alert on them, and record file hashes for later incident response. Restricting the web server account's write access to the minimum set of directories limits where an attacker-influenced path can land. Review WordPress roles so that only trusted users hold upload capabilities, and isolate the WordPress host from internal systems to limit lateral movement if the site is compromised. Finally, maintain tested backups and an incident response plan for web application compromise so that a defaced or tampered site can be restored quickly.
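One way to implement the file-system monitoring recommended above, added here as an example rather than taken from the page or from any vendor tool: take a hash snapshot of the uploads tree, diff it against the previous snapshot, and flag added or modified files whose extension matches the one the advisory mentions. The directory layout, file names and contents are constructed for the example and are created in a temporary directory so the script runs offline; the real path to monitor is the site's wp-content/uploads.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions worth alerting on per this advisory; extend the set for other bugs.
FLAGGED_SUFFIXES = {".txt"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(uploads_root) -> dict:
    """Map every regular file under uploads_root (relative POSIX path) to its SHA-256."""
    root = Path(uploads_root)
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            snap[path.relative_to(root).as_posix()] = sha256_of(path)
    return snap


def diff_snapshots(old: dict, new: dict) -> dict:
    """Return added, modified and removed relative paths between two snapshots."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    return {"added": added, "modified": modified, "removed": removed}


def flag_suspicious(diff: dict, suffixes=FLAGGED_SUFFIXES) -> list:
    """Files that appeared or changed and carry a flagged extension (case-insensitive,
    so an upper-case .TXT is caught as well)."""
    candidates = diff["added"] + diff["modified"]
    return sorted(p for p in candidates if os.path.splitext(p)[1].lower() in suffixes)


def build_sample_tree() -> Path:
    """Constructed sample uploads tree for the example (not real site data)."""
    root = Path(tempfile.mkdtemp(prefix="uploads-"))
    for rel, data in {
        "2024/01/logo.png": b"\x89PNG\r\n\x1a\n",
        "2024/01/readme.txt": b"legitimate notes left by an editor",
    }.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def simulate_drop(root: Path) -> None:
    """Constructed attacker activity: two text files land in the tree, one with an
    upper-case suffix, and an existing image is overwritten."""
    (root / "brizy" / "assets").mkdir(parents=True, exist_ok=True)
    (root / "brizy" / "assets" / "dropped.txt").write_bytes(b"attacker controlled text")
    (root / "2024" / "01" / "NOTE.TXT").write_bytes(b"second drop")
    # A modified file is reported in the diff even though .png is not a flagged suffix.
    (root / "2024" / "01" / "logo.png").write_bytes(b"tampered")


def run_example() -> dict:
    """Build the sample tree, snapshot it, simulate the drop, and diff the two snapshots."""
    root = build_sample_tree()
    before = snapshot(root)
    simulate_drop(root)
    after = snapshot(root)
    diff = diff_snapshots(before, after)
    return {"diff": diff, "flagged": flag_suspicious(diff)}


if __name__ == "__main__":
    result = run_example()
    for rel in result["flagged"]:
        print(f"ALERT: flagged upload {rel}")
    print(result["diff"])
```

In production, run snapshot() from cron against the real uploads path and persist the previous snapshot (a JSON file is enough); do not filter by extension at the snapshot stage, because the .TXT limit describes this particular bug, and the diff of the whole tree is what catches the next one.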
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-05T19:49:56.278Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68884ee8ad5a09ad008b0616
Added to database: 7/29/2025, 4:32:40 AM
Last enriched: 7/29/2025, 4:48:09 AM
Last updated: 9/11/2025, 5:47:11 PM
Related Threats
- CVE-2025-10386: Cross Site Scripting in Yida ECMS Consulting Enterprise Management System (Medium)
- CVE-2025-10385: Buffer Overflow in Mercury KM08-708H GiGA WiFi Wave2 (High)
- CVE-2025-10384: Improper Authorization in yangzongzhuan RuoYi (Medium)
- CVE-2025-10374: Improper Authorization in Shenzhen Sixun Business Management System (Medium)
- CVE-2025-10373: Cross Site Scripting in Portabilis i-Educar (Medium)