55 matches found
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...
WordPress Bricks theme <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting vulnerability
Authenticated Bricks Page Builder Access+ Stored Cross-Site Scripting vulnerability discovered by Ram in WordPress Theme Bricks Builder versions = 1.10.1...
CVE-2023-3410
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
CVE-2023-3410
CVE-2023-3410 affects the Bricks theme for WordPress. Versions up to and including 1.10.1 are vulnerable to a Stored Cross-Site Scripting (XSS) via the ‘customTag’ attribute caused by insufficient input sanitization and output escaping. The issue can be exploited by authenticated attackers with B...
WordPress Bricks theme <= 1.8.1 - Cross-Site Request Forgery via save_settings vulnerability
Cross-Site Request Forgery via savesettings vulnerability discovered by Ram in WordPress Theme Bricks Builder versions = 1.8.1...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3408
CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...
CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...
CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...
PT-2024-12466 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the reset settings function, making it possible for unauthenticated attackers to reset the theme's...
Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution
The WordPress Bricks Theme installed on the remote host is affected by a vulnerability allowing an unauthenticated attacker to execute arbitrary code via a specially forged request. No source data...
CVE-2024-25600 WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6...
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 CVSS score: 9.8, enables unauthenticated attackers to achieve remote code execution. It impacts all...
Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution
Description The Bricks theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to execute code on the server...
WordPress theme Bricks license issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. An authorization issue vulnerability exists in WordPress theme Bricks...