CVE-2021-38346: 
WordPress vulnerability analysis and mitigation

The Brizy Page Builder WordPress plugin version 2.3.11 and earlier contained a critical vulnerability discovered in October 2021. This security flaw allowed authenticated users to upload executable files to arbitrary locations using the brizycreateblock_screenshot AJAX action. The vulnerability was assigned CVE-2021-38346 with a CVSS score of 8.8 (High) (Wordfence).

The vulnerability stems from improper file upload restrictions and path traversal issues. While the plugin attempted to secure uploads by adding a .jpg extension to all uploaded filenames, attackers could still perform a double extension attack. For example, a malicious file named shell.php would be saved as shell.php.jpg, which would remain executable on common server configurations. Additionally, attackers could use '../' in the id parameter to perform directory traversal attacks, allowing them to place files in arbitrary locations. The vulnerability is tracked under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-22 (Path Traversal) (NVD).

The vulnerability could lead to complete site takeover when combined with other flaws. Attackers could achieve remote code execution by uploading malicious PHP files, allowing them to perform actions such as adding administrative users, escalating privileges, or adding backdoor functionality to existing plugin or theme files (Threatpost).

The vulnerability was patched in version 2.3.17 of the Brizy Page Builder plugin. Site administrators are strongly advised to update to this version or later to protect against potential attacks (Threatpost).