
190 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 5.4 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

Nuclei
added 3 days ago | 107 views

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybod...

10 CVSS | 8.1 AI score | 0.93876 EPSS
Exploits: 16 | References: 5

OSV
added 2026/05/20 8:20 a.m. | 5 views

MAL-2026-4500 Malicious code in bricks-builder-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...

5.9 AI score
Exploits: 0 | References: 3

EUVD
added 2026/05/07 3:38 p.m. | 7 views

EUVD-2026-28369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2

NVD
added 2026/05/07 2:16 p.m. | 6 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 0.00036 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 1:28 p.m. | 3 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/07 1:28 p.m. | 24 views

CVE-2026-41554 WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 0.00036 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/07 1:28 p.m. | 11 views

CVE-2026-41554

CVE-2026-41554 concerns WordPress Bricks Builder theme, affecting versions from n/a through 1.9.2 to 2.2. The issue is an Improper Neutralization of Input During Web Page Generation leading to a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerable component is the Bricks Builder the...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/07 1:28 p.m. | 4 views

CVE-2026-41554 WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/07 12:0 a.m. | 6 views

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/05/07 12:0 a.m. | 5 views

WordPress plugin Bricks Builder cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS | 5.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/04/23 10:0 a.m. | 4 views

WordPress Bricks Builder theme <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by w41bu1 in WordPress Theme Bricks Builder versions <= 2.2...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | Affected Software: 1

Packet Storm
added 2026/03/04 12:0 a.m. | 157 views

📄 WordPress Bricks 1.9.6 Remote Code Execution

Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the renderelement endpoint, injecting malicious instructions in the Query Edit...

10 CVSS | 7.9 AI score | 0.93876 EPSS
Exploits: 16

GithubExploit
added 2026/02/18 5:2 p.m. | 169 views

Exploit for CVE-2024-25600

CVE-2024-25600 — WordPress Bricks Builder RCE PoC Unauthent...

10 CVSS | 6.4 AI score | 0.93876 EPSS
Exploits: 16

Malwarebytes
added 2026/01/12 8:2 a.m. | 6 views

A week in security (January 5 – January 11)

Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware Are we ready for ChatGPT Health? CISA warns of active attacks on HPE OneView and legacy PowerPoint Lego’s Smart Bricks explained: what they do, and what they don’t Fake WinRAR downloads hide malwar...

7 AI score
Exploits: 0

Malwarebytes
added 2026/01/08 1:35 p.m. | 5 views

Lego’s Smart Bricks explained: what they do, and what they don’t

Lego just made what it claims is its most important product release since it introduced minifigures in 1978. No, it's not yet another brand franchise. It's a computer in a brick. Called the Smart Brick, it's part of a broader system called Smart Play that Lego hopes will revolutionize your child...

6.7 AI score
Exploits: 0

RedhatCVE
added 2026/01/07 9:8 a.m. | 7 views

CVE-2024-2297

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the createautosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...

8.8 CVSS | 7.4 AI score | 0.00225 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2026/01/04 10:19 a.m. | 185 views

Exploit for CVE-2024-25600

🧱 BrickBreaker !Pythonhttps://img.shields.io/badge/Pytho...

10 CVSS | 9.7 AI score | 0.93876 EPSS
Exploits: 16

GithubExploit
added 2025/11/28 8:25 a.m. | 292 views

Exploit for CVE-2024-25600

MODIFIED CVE-2024-25600 original - https://github.com/K3ysT...

10 CVSS | 9.1 AI score | 0.93876 EPSS
Exploits: 16

Snyk
added 2025/10/10 2:24 a.m. | 2 views

Malicious Package

Overview internal-checkout-bricks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2