Lucene search
PRIOn knowledge basePRION:CVE-2022-3400HistoryOct 28, 2022 - 5:15 p.m.
Authorization
2022-10-2817:15:00
PRIOn knowledge base
www.prio-n.com
3
bricks theme
wordpress
vulnerability
ajax action
capability check
authenticated attackers
minimal permissions
subscriber
edit page
post
template
nvd
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
Related
wpexploit
wpexploit
Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition
2022-10-03 00:00:00
wpvulndb
wpvulndb
Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition
2022-10-03 00:00:00
patchstack
patchstack
cve
cve
CVE-2022-3400
2022-10-28 17:15:26
CVE-2022-3401
2022-10-28 19:15:09
cvelist
cvelist
CVE-2022-3400
2022-10-28 16:57:41
CVE-2022-3401
2022-10-28 18:12:10
nvd
nvd
CVE-2022-3400
2022-10-28 17:15:26
CVE-2022-3401
2022-10-28 19:15:09
cnvd
cnvd
WordPress theme Bricks license issue vulnerability
2022-10-31 00:00:00
prion
prion
Authorization
2022-10-28 19:15:00