Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-3401
HistoryOct 28, 2022 - 7:15 p.m.

CVE-2022-3401

2022-10-2819:15:09
[email protected]
web.nvd.nist.gov
wordpress
bricks theme
remote code execution
authenticated attackers

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

66.5%

JSON

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

Affected configurations

NVD
Node
bricksbuilderbricksRange1.21.5.4wordpress

Related

prion 2
cve 2
cvelist 2
patchstack 2
wpexploit 2
wpvulndb 2
cnvd 2
nvd 1
prion
prion
Authorization
2022-10-28 19:15:00
Authorization
2022-10-28 17:15:00
cve
cve
CVE-2022-3401
2022-10-28 19:15:09
CVE-2022-3400
2022-10-28 17:15:26
cvelist
cvelist
CVE-2022-3401
2022-10-28 18:12:10
CVE-2022-3400
2022-10-28 16:57:41
patchstack
patchstack
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability
2022-10-27 00:00:00
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Arbitrary Post/Page Edition vulnerability
2022-10-27 00:00:00
wpexploit
wpexploit
Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution
2022-10-03 00:00:00
Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition
2022-10-03 00:00:00
wpvulndb
wpvulndb
Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution
2022-10-03 00:00:00
Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition
2022-10-03 00:00:00
cnvd
cnvd
WordPress theme Bricks Remote Code Execution Vulnerability
2022-10-31 00:00:00
WordPress theme Bricks license issue vulnerability
2022-10-31 00:00:00
nvd
nvd
CVE-2022-3400
2022-10-28 17:15:26

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

66.5%

JSON
Related for NVD:CVE-2022-3401
prion2cve2cvelist2patchstack2wpexploit2wpvulndb2cnvd2nvd1