CVE-2024-2297
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...
EUVD-2024-27252
Malicious code in bioql PyPI...
EUVD-2023-44076
Malicious code in bioql PyPI...
EUVD-2023-44075
Malicious code in bioql PyPI...
EUVD-2022-42777
Malicious code in bioql PyPI...
EUVD-2023-44077
Malicious code in bioql PyPI...
EUVD-2025-22967
Malicious code in bioql PyPI...
CVE-2025-6495
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
CVE-2025-6495
CVE-2025-6495 is a WordPress Bricks Builder vulnerability: unauthenticated SQL Injection via the parameter ‘p’ in Bricks versions
PT-2025-31168 · WordPress · Bricks Theme For WordPress
Name of the Vulnerable Software and Affected Versions: Bricks theme for WordPress versions prior to 1.12.5 Description: The Bricks theme for WordPress is susceptible to a blind SQL Injection issue via the p parameter. Insufficient escaping of user-supplied input and inadequate preparation of...
VulnCheck KEV: CVE-2025-6495
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3410
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag’ attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
CVE-2023-3409
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...
CVE-2024-2297
The Bricks WordPress theme (Bricks) is vulnerable to authenticated Privilege Escalation via the create_autosave AJAX function in versions up to and including 1.9.6.1. Exploitation requires Post Builder to be enabled, builder access for contributor-level users, and Code Execution enabled for admin...
CVE-2024-2297 Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...