Product
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS) in versions up to and including 2.8.11, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page due to missing nonce verification and improper handling of file upload fields.