Lucene search
K

CVE-2022-3401

🗓️ 28 Oct 2022 18:12:10Reported by WordfenceType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 63 Views🌐 WEB

Bricks WordPress theme allows remote code execution via content editin

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-3401
28 Oct 202219:15
attackerkb
Circl
CVE-2022-3401
28 Oct 202222:29
circl
CNNVD
WordPress theme Bricks 代码注入漏洞
28 Oct 202200:00
cnnvd
CNVD
WordPress theme Bricks Remote Code Execution Vulnerability
31 Oct 202200:00
cnvd
Cvelist
CVE-2022-3401
28 Oct 202218:12
cvelist
EUVD
EUVD-2022-42778
3 Oct 202520:07
euvd
NVD
CVE-2022-3401
28 Oct 202219:15
nvd
OSV
CVE-2022-3401
28 Oct 202219:15
osv
Patchstack
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability
27 Oct 202200:00
patchstack
Prion
Authorization
28 Oct 202219:15
prion
Rows per page
NVD
Vulners
Node
bricksbuilderbricksRange1.21.5.4wordpress
[
  {
    "vendor": "Bricks Builder",
    "product": "Bricks",
    "versions": [
      {
        "version": "1.2",
        "status": "affected",
        "lessThanOrEqual": "1.5.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
actionrequest bodywp-admin/admin-ajax.phpAuthenticated attacker with minimal permissions can inject executable code via bricks_save_post content field, enabling remote code execution.
postIdrequest bodywp-admin/admin-ajax.phpAuthenticated attacker with minimal permissions can inject executable code via bricks_save_post content field, enabling remote code execution.
arearequest bodywp-admin/admin-ajax.phpAuthenticated attacker with minimal permissions can inject executable code via bricks_save_post content field, enabling remote code execution.
noncerequest bodywp-admin/admin-ajax.phpAuthenticated attacker with minimal permissions can inject executable code via bricks_save_post content field, enabling remote code execution.
contentrequest bodywp-admin/admin-ajax.phpAuthenticated attacker with minimal permissions can inject executable code via bricks_save_post content field, enabling remote code execution.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:59Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.18.8
EPSS0.01556
SSVC
63