The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when no file is uploaded, and the reversal of security encoding via html_entity_decode() followed by unescaped output in the admin view. The submit_form() function skips nonce verification for non-logged-in users (api.php:198). The handleFileTypeFields() function fails to overwrite user-supplied values when no file is attached. While htmlentities() is applied during storage, html_entity_decode() reverses this on display (form-entries.php:79). The form-data.php template outputs FileUpload values directly in href attributes without esc_url(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page.
Casky was already ahead
This CVE exploits attack patterns that Casky's 301matched skills have been training on — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
The Brizy Page Builder plugin for WordPress contains a critical stored cross-site scripting (XSS) vulnerability affecting all versions up to 2.8.11. This flaw exploits a dangerous combination of missing nonce verification, improper file upload field handling, and security encoding reversal through html_entity_decode() followed by unescaped output. Because the vulnerability allows unauthenticated attackers to submit malicious payloads through form fields, any WordPress site running this plugin is at risk of compromise. Attackers can inject persistent XSS code that executes in the context of admin dashboards and user browsers, potentially leading to account takeover, credential theft, and site-wide defacement. With over 100,000+ active installations, this vulnerability has broad impact across the WordPress ecosystem.
Casky's 301 mapped security skills leverage Claude's extended reasoning to detect the attack patterns associated with this CVE across two critical MITRE ATT&ACK techniques: TA0001 (Initial Access) and TA0043 (Reconnaissance). Practitioners using Casky would identify detection signals including: (1) unusual form submissions lacking nonce tokens to unauthenticated endpoints, (2) FileUpload field requests with empty or suspicious payloads in request bodies, (3) html_entity_decode() function calls processing user input before rendering, and (4) unescaped HTML output in admin views containing script tags or event handlers. The platform's skill framework would surface findings showing how attackers probe for vulnerable form handlers, map application architecture through form enumeration, and inject stored payloads that execute during admin panel access—enabling security teams to block exploitation chains before malicious code persists.
These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-5324.
Run Claude AI skills against real targets and see findings like those behind CVE-2026-5324 — before the next CVE drops.
Join the Playground Waitlist →analyzing-cloud-storage-access-patterns
cloud security · low
analyzing-cyber-kill-chain
threat intelligence · low
analyzing-indicators-of-compromise
threat intelligence · low
analyzing-ios-app-security-with-objection
mobile security · low
analyzing-malicious-url-with-urlscan
phishing defense · medium
analyzing-malware-family-relationships-with-malpedia
threat intelligence · low
analyzing-office365-audit-logs-for-compromise
cloud security · low
analyzing-ransomware-leak-site-intelligence
threat intelligence · low
analyzing-threat-actor-ttps-with-mitre-attack
threat intelligence · low
analyzing-threat-actor-ttps-with-mitre-navigator
threat intelligence · low
analyzing-threat-intelligence-feeds
threat intelligence · low
analyzing-threat-landscape-with-misp
threat intelligence · low
analyzing-typosquatting-domains-with-dnstwist
threat intelligence · low
auditing-aws-s3-bucket-permissions
cloud security · low
auditing-azure-active-directory-configuration
cloud security · low
auditing-cloud-with-cis-benchmarks
cloud security · low
auditing-gcp-iam-permissions
cloud security · low
auditing-kubernetes-cluster-rbac
cloud security · low
auditing-terraform-infrastructure-for-security
cloud security · low
auditing-tls-certificate-transparency-logs
threat intelligence · low
automating-ioc-enrichment
threat intelligence · low
building-adversary-infrastructure-tracking-system
threat intelligence · low
building-attack-pattern-library-from-cti-reports
threat intelligence · low
building-c2-infrastructure-with-sliver-framework
red teaming · high
building-cloud-siem-with-sentinel
cloud security · low
building-devsecops-pipeline-with-gitlab-ci
devsecops · low
building-ioc-defanging-and-sharing-pipeline
threat intelligence · low
building-ioc-enrichment-pipeline-with-opencti
threat intelligence · low
building-patch-tuesday-response-process
vulnerability management · medium
building-phishing-reporting-button-workflow
phishing defense · medium
building-red-team-c2-infrastructure-with-havoc
red teaming · high
building-threat-actor-profile-from-osint
threat intelligence · low
building-threat-feed-aggregation-with-misp
threat intelligence · low
building-threat-intelligence-platform
threat intelligence · low
building-vulnerability-aging-and-sla-tracking
vulnerability management · medium
building-vulnerability-dashboard-with-defectdojo
vulnerability management · medium
building-vulnerability-exception-tracking-system
vulnerability management · medium
bypassing-authentication-with-forced-browsing
web application security · medium
collecting-open-source-intelligence
threat intelligence · low
collecting-threat-intelligence-with-misp
threat intelligence · low
conducting-api-security-testing
penetration testing · medium
conducting-cloud-penetration-testing
cloud security · low
conducting-domain-persistence-with-dcsync
red teaming · high
conducting-external-reconnaissance-with-osint
penetration testing · medium
conducting-full-scope-red-team-engagement
red teaming · high
conducting-internal-network-penetration-test
penetration testing · medium
conducting-internal-reconnaissance-with-bloodhound-ce
red teaming · high
conducting-mobile-app-penetration-test
penetration testing · medium
conducting-network-penetration-test
penetration testing · medium
conducting-pass-the-ticket-attack
red teaming · high
conducting-social-engineering-penetration-test
penetration testing · medium
conducting-social-engineering-pretext-call
red teaming · high
conducting-spearphishing-simulation-campaign
red teaming · high
conducting-wireless-network-penetration-test
penetration testing · medium
correlating-threat-campaigns
threat intelligence · low
detecting-api-enumeration-attacks
api security · medium
detecting-aws-cloudtrail-anomalies
cloud security · low
detecting-aws-credential-exposure-with-trufflehog
cloud security · low
detecting-aws-guardduty-findings-automation
cloud security · low
detecting-aws-iam-privilege-escalation
cloud security · low
detecting-azure-lateral-movement
cloud security · low
detecting-azure-service-principal-abuse
cloud security · low
detecting-azure-storage-account-misconfigurations
cloud security · low
detecting-broken-object-property-level-authorization
api security · medium
detecting-business-email-compromise
phishing defense · medium
detecting-business-email-compromise-with-ai
phishing defense · medium
detecting-cloud-threats-with-guardduty
cloud security · low
detecting-compromised-cloud-credentials
cloud security · low
detecting-cryptomining-in-cloud
cloud security · low
detecting-misconfigured-azure-storage
cloud security · low
detecting-mobile-malware-behavior
mobile security · low
detecting-oauth-token-theft
cloud security · low
detecting-qr-code-phishing-with-email-security
phishing defense · medium
detecting-s3-data-exfiltration-attempts
cloud security · low
detecting-serverless-function-injection
cloud security · low
detecting-shadow-api-endpoints
api security · medium
detecting-shadow-it-cloud-usage
cloud security · low
detecting-spearphishing-with-email-gateway
phishing defense · medium
detecting-suspicious-oauth-application-consent
cloud security · low
evaluating-threat-intelligence-platforms
threat intelligence · low
executing-active-directory-attack-simulation
penetration testing · medium
executing-phishing-simulation-campaign
penetration testing · medium
executing-red-team-engagement-planning
red teaming · high
executing-red-team-exercise
penetration testing · medium
exploiting-active-directory-certificate-services-esc1
red teaming · high
exploiting-active-directory-with-bloodhound
red teaming · high
exploiting-api-injection-vulnerabilities
api security · medium
exploiting-broken-function-level-authorization
api security · medium
exploiting-broken-link-hijacking
web application security · medium
exploiting-constrained-delegation-abuse
red teaming · high
exploiting-deeplink-vulnerabilities
mobile security · low
exploiting-excessive-data-exposure-in-api
api security · medium
exploiting-http-request-smuggling
web application security · medium
exploiting-idor-vulnerabilities
web application security · medium
exploiting-insecure-data-storage-in-mobile
mobile security · low
exploiting-insecure-deserialization
web application security · medium
exploiting-jwt-algorithm-confusion-attack
api security · medium
exploiting-kerberoasting-with-impacket
red teaming · high
exploiting-mass-assignment-in-rest-apis
web application security · medium
exploiting-ms17-010-eternalblue-vulnerability
red teaming · high
exploiting-nopac-cve-2021-42278-42287
red teaming · high
exploiting-nosql-injection-vulnerabilities
web application security · medium
exploiting-oauth-misconfiguration
web application security · medium
exploiting-prototype-pollution-in-javascript
web application security · medium
exploiting-race-condition-vulnerabilities
web application security · medium
exploiting-server-side-request-forgery
web application security · medium
exploiting-sql-injection-vulnerabilities
penetration testing · medium
exploiting-sql-injection-with-sqlmap
web application security · medium
exploiting-template-injection-vulnerabilities
web application security · medium
exploiting-type-juggling-vulnerabilities
web application security · medium
exploiting-vulnerabilities-with-metasploit-framework
vulnerability management · medium
exploiting-websocket-vulnerabilities
web application security · medium
exploiting-zerologon-vulnerability-cve-2020-1472
red teaming · high
generating-threat-intelligence-reports
threat intelligence · low
hunting-advanced-persistent-threats
threat intelligence · low
implementing-anti-phishing-training-program
phishing defense · medium
implementing-api-abuse-detection-with-rate-limiting
api security · medium
implementing-api-gateway-security-controls
api security · medium
implementing-api-key-security-controls
api security · medium
implementing-api-rate-limiting-and-throttling
api security · medium
implementing-api-schema-validation-security
api security · medium
implementing-api-security-posture-management
api security · medium
implementing-api-security-testing-with-42crunch
api security · medium
implementing-api-threat-protection-with-apigee
api security · medium
implementing-aqua-security-for-container-scanning
devsecops · low
implementing-attack-path-analysis-with-xm-cyber
vulnerability management · medium
implementing-aws-config-rules-for-compliance
cloud security · low
implementing-aws-macie-for-data-classification
cloud security · low
implementing-aws-nitro-enclave-security
cloud security · low
implementing-aws-security-hub
cloud security · low
implementing-aws-security-hub-compliance
cloud security · low
implementing-azure-defender-for-cloud
cloud security · low
implementing-cloud-dlp-for-data-protection
cloud security · low
implementing-cloud-security-posture-management
cloud security · low
implementing-cloud-trail-log-analysis
cloud security · low
implementing-cloud-vulnerability-posture-management
vulnerability management · medium
implementing-cloud-waf-rules
cloud security · low
implementing-cloud-workload-protection
cloud security · low
implementing-code-signing-for-artifacts
devsecops · low
implementing-continuous-security-validation-with-bas
vulnerability management · medium
implementing-diamond-model-analysis
threat intelligence · low
implementing-dmarc-dkim-spf-email-security
phishing defense · medium
implementing-email-sandboxing-with-proofpoint
phishing defense · medium
implementing-epss-score-for-vulnerability-prioritization
vulnerability management · medium
implementing-fuzz-testing-in-cicd-with-aflplusplus
devsecops · low
implementing-gcp-binary-authorization
cloud security · low
implementing-gcp-organization-policy-constraints
cloud security · low
implementing-gcp-vpc-firewall-rules
cloud security · low
implementing-gdpr-data-protection-controls
compliance governance · low
implementing-github-advanced-security-for-code-scanning
devsecops · low
implementing-google-workspace-phishing-protection
phishing defense · medium
implementing-infrastructure-as-code-security-scanning
devsecops · low
implementing-iso-27001-information-security-management
compliance governance · low
implementing-mimecast-targeted-attack-protection
phishing defense · medium
implementing-mobile-application-management
mobile security · low
implementing-patch-management-workflow
vulnerability management · medium
implementing-pci-dss-compliance-controls
compliance governance · low
implementing-policy-as-code-with-open-policy-agent
devsecops · low
implementing-proofpoint-email-security-gateway
phishing defense · medium
implementing-rapid7-insightvm-for-scanning
vulnerability management · medium
implementing-secret-scanning-with-gitleaks
devsecops · low
implementing-secrets-management-with-vault
cloud security · low
implementing-secrets-scanning-in-ci-cd
devsecops · low
implementing-security-information-sharing-with-stix2
threat intelligence · low
implementing-semgrep-for-custom-sast-rules
devsecops · low
implementing-stix-taxii-feed-integration
threat intelligence · low
implementing-taxii-server-with-opentaxii
threat intelligence · low
implementing-threat-intelligence-lifecycle-management
threat intelligence · low
implementing-vulnerability-management-with-greenbone
vulnerability management · medium
implementing-vulnerability-remediation-sla
vulnerability management · medium
implementing-vulnerability-sla-breach-alerting
vulnerability management · medium
implementing-web-application-logging-with-modsecurity
web application security · medium
implementing-zero-trust-in-cloud
cloud security · low
implementing-zero-trust-network-access
cloud security · low
integrating-dast-with-owasp-zap-in-pipeline
devsecops · low
integrating-sast-into-github-actions-pipeline
devsecops · low
intercepting-mobile-traffic-with-burpsuite
mobile security · low
managing-cloud-identity-with-okta
cloud security · low
managing-intelligence-lifecycle
threat intelligence · low
mapping-mitre-attack-techniques
threat intelligence · low
monitoring-darkweb-sources
threat intelligence · low
performing-active-directory-bloodhound-analysis
red teaming · high
performing-active-directory-penetration-test
penetration testing · medium
performing-active-directory-vulnerability-assessment
vulnerability management · medium
performing-adversary-in-the-middle-phishing-detection
phishing defense · medium
performing-agentless-vulnerability-scanning
vulnerability management · medium
performing-ai-driven-osint-correlation
threat intelligence · low
performing-android-app-static-analysis-with-mobsf
mobile security · low
performing-api-fuzzing-with-restler
api security · medium
performing-api-inventory-and-discovery
api security · medium
performing-api-rate-limiting-bypass
api security · medium
performing-api-security-testing-with-postman
api security · medium
performing-asset-criticality-scoring-for-vulns
vulnerability management · medium
performing-authenticated-scan-with-openvas
vulnerability management · medium
performing-authenticated-vulnerability-scan
vulnerability management · medium
performing-aws-account-enumeration-with-scout-suite
cloud security · low
performing-aws-privilege-escalation-assessment
cloud security · low
performing-blind-ssrf-exploitation
web application security · medium
performing-brand-monitoring-for-impersonation
threat intelligence · low
performing-clickjacking-attack-test
web application security · medium
performing-cloud-asset-inventory-with-cartography
cloud security · low
performing-cloud-forensics-with-aws-cloudtrail
cloud security · low
performing-cloud-log-forensics-with-athena
cloud security · low
performing-cloud-native-forensics-with-falco
cloud security · low
performing-cloud-native-threat-hunting-with-aws-detective
cloud security · low
performing-cloud-penetration-testing-with-pacu
cloud security · low
performing-container-image-hardening
devsecops · low
performing-content-security-policy-bypass
web application security · medium
performing-credential-access-with-lazagne
red teaming · high
performing-csrf-attack-simulation
web application security · medium
performing-cve-prioritization-with-kev-catalog
vulnerability management · medium
performing-dark-web-monitoring-for-threats
threat intelligence · low
performing-directory-traversal-testing
web application security · medium
performing-dmarc-policy-enforcement-rollout
phishing defense · medium
performing-dynamic-analysis-of-android-app
mobile security · low
performing-external-network-penetration-test
penetration testing · medium
performing-gcp-penetration-testing-with-gcpbucketbrute
cloud security · low
performing-gcp-security-assessment-with-forseti
cloud security · low
performing-graphql-depth-limit-attack
api security · medium
performing-graphql-introspection-attack
api security · medium
performing-graphql-security-assessment
web application security · medium
performing-http-parameter-pollution-attack
web application security · medium
performing-indicator-lifecycle-management
threat intelligence · low
performing-initial-access-with-evilginx3
red teaming · high
performing-ios-app-security-assessment
mobile security · low
performing-iot-security-assessment
penetration testing · medium
performing-ip-reputation-analysis-with-shodan
threat intelligence · low
performing-jwt-none-algorithm-attack
api security · medium
performing-kerberoasting-attack
red teaming · high
performing-lateral-movement-with-wmiexec
red teaming · high
performing-malware-hash-enrichment-with-virustotal
threat intelligence · low
performing-malware-ioc-extraction
threat intelligence · low
performing-mobile-app-certificate-pinning-bypass
mobile security · low
performing-nist-csf-maturity-assessment
compliance governance · low
performing-open-source-intelligence-gathering
red teaming · high
performing-osint-with-spiderfoot
threat intelligence · low
performing-paste-site-monitoring-for-credentials
threat intelligence · low
performing-phishing-simulation-with-gophish
phishing defense · medium
performing-physical-intrusion-assessment
red teaming · high
performing-privilege-escalation-assessment
penetration testing · medium
performing-privilege-escalation-on-linux
red teaming · high
performing-sca-dependency-scanning-with-snyk
devsecops · low
performing-second-order-sql-injection
web application security · medium
performing-security-headers-audit
web application security · medium
performing-serverless-function-security-review
cloud security · low
performing-soap-web-service-security-testing
api security · medium
performing-subdomain-enumeration-with-subfinder
web application security · medium
performing-thick-client-application-penetration-test
penetration testing · medium
performing-threat-emulation-with-atomic-red-team
threat intelligence · low
performing-threat-intelligence-sharing-with-misp
threat intelligence · low
performing-threat-landscape-assessment-for-sector
threat intelligence · low
performing-threat-modeling-with-owasp-threat-dragon
devsecops · low
performing-vulnerability-scanning-with-nessus
penetration testing · medium
performing-web-application-firewall-bypass
web application security · medium
performing-web-application-penetration-test
penetration testing · medium
performing-web-application-scanning-with-nikto
vulnerability management · medium
performing-web-application-vulnerability-triage
vulnerability management · medium
performing-web-cache-deception-attack
web application security · medium
performing-web-cache-poisoning-attack
web application security · medium
performing-wireless-network-penetration-test
penetration testing · medium
prioritizing-vulnerabilities-with-cvss-scoring
vulnerability management · medium
processing-stix-taxii-feeds
threat intelligence · low
profiling-threat-actor-groups
threat intelligence · low
remediating-s3-bucket-misconfiguration
cloud security · low
reverse-engineering-ios-app-with-frida
mobile security · low
scanning-containers-with-trivy-in-cicd
devsecops · low
scanning-infrastructure-with-nessus
vulnerability management · medium
securing-api-gateway-with-aws-waf
cloud security · low
securing-aws-iam-permissions
cloud security · low
securing-aws-lambda-execution-roles
cloud security · low
securing-azure-with-microsoft-defender
cloud security · low
securing-container-registry-images
cloud security · low
securing-github-actions-workflows
devsecops · low
securing-kubernetes-on-cloud
cloud security · low
securing-serverless-functions
cloud security · low
testing-android-intents-for-vulnerabilities
mobile security · low
testing-api-authentication-weaknesses
api security · medium
testing-api-for-broken-object-level-authorization
api security · medium
testing-api-for-mass-assignment-vulnerability
api security · medium
testing-api-security-with-owasp-top-10
web application security · medium
testing-cors-misconfiguration
web application security · medium
testing-for-broken-access-control
web application security · medium
testing-for-business-logic-vulnerabilities
web application security · medium
testing-for-email-header-injection
web application security · medium
testing-for-host-header-injection
web application security · medium
testing-for-json-web-token-vulnerabilities
web application security · medium
testing-for-open-redirect-vulnerabilities
web application security · medium
testing-for-sensitive-data-exposure
web application security · medium
testing-for-xml-injection-vulnerabilities
web application security · medium
testing-for-xss-vulnerabilities
penetration testing · medium
testing-for-xss-vulnerabilities-with-burpsuite
web application security · medium
testing-for-xxe-injection-vulnerabilities
web application security · medium
testing-jwt-token-security
web application security · medium
testing-mobile-api-authentication
mobile security · low
testing-oauth2-implementation-flaws
api security · medium
testing-websocket-api-security
api security · medium
tracking-threat-actor-infrastructure
threat intelligence · low
triaging-vulnerabilities-with-ssvc-framework
vulnerability management · medium
© 2026 Casky.AI, Inc. · AI-Powered Cyber Skills