Lucene search
K

55 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:48 a.m.11 views

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...

8.8CVSS7.2AI score0.01556EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/09/16 7:38 a.m.5 views

WordPress Bricks theme <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting vulnerability

Authenticated Bricks Page Builder Access+ Stored Cross-Site Scripting vulnerability discovered by Ram in WordPress Theme Bricks Builder versions = 1.10.1...

5.4CVSS5.5AI score0.00299EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/09/14 9:15 a.m.22 views

CVE-2023-3410

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

5.4CVSS0.00299EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/14 8:37 a.m.29 views

CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

5.4CVSS0.00299EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/14 8:37 a.m.20 views

CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

5.4CVSS5.9AI score0.00299EPSS
Exploits0References3
CVE
CVE
added 2024/09/14 8:37 a.m.71 views

CVE-2023-3410

CVE-2023-3410 affects the Bricks theme for WordPress. Versions up to and including 1.10.1 are vulnerable to a Stored Cross-Site Scripting (XSS) via the ‘customTag’ attribute caused by insufficient input sanitization and output escaping. The issue can be exploited by authenticated attackers with B...

5.4CVSS5.4AI score0.00299EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/19 1:42 a.m.6 views

WordPress Bricks theme <= 1.8.1 - Cross-Site Request Forgery via save_settings vulnerability

Cross-Site Request Forgery via savesettings vulnerability discovered by Ram in WordPress Theme Bricks Builder versions = 1.8.1...

4.3CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/08/17 9:15 a.m.14 views

CVE-2023-3408

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

4.3CVSS0.00227EPSS
Exploits0References2
OSV
OSV
added 2024/08/17 9:15 a.m.5 views

CVE-2023-3408

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 2024/08/17 8:37 a.m.61 views

CVE-2023-3408

CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...

4.3CVSS4.4AI score0.00227EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/17 8:37 a.m.18 views

CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

4.3CVSS0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/17 8:37 a.m.13 views

CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

4.3CVSS6.8AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/17 8:37 a.m.10 views

CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...

5.4CVSS6.4AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/17 8:37 a.m.19 views

CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...

5.4CVSS0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.4 views

PT-2024-12466 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the reset settings function, making it possible for unauthenticated attackers to reset the theme's...

5.4CVSS6.5AI score0.00187EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.14 views

Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution

The WordPress Bricks Theme installed on the remote host is affected by a vulnerability allowing an unauthenticated attacker to execute arbitrary code via a specially forged request. No source data...

10CVSS8.4AI score0.88234EPSS
Exploits18References3
Vulnrichment
Vulnrichment
added 2024/06/04 12:51 p.m.46 views

CVE-2024-25600 WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6...

10CVSS7AI score0.88234EPSS
Exploits18References5
The Hacker News
The Hacker News
added 2024/02/20 9:8 a.m.65 views

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 CVSS score: 9.8, enables unauthenticated attackers to achieve remote code execution. It impacts all...

10CVSS10AI score0.88234EPSS
Exploits18
WPVulnDB
WPVulnDB
added 2024/02/16 12:0 a.m.45 views

Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution

Description The Bricks theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to execute code on the server...

10CVSS7.8AI score0.88234EPSS
Exploits18References1Affected Software1
CNVD
CNVD
added 2022/10/31 12:0 a.m.22 views

WordPress theme Bricks license issue vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. An authorization issue vulnerability exists in WordPress theme Bricks...

6.5CVSS6.7AI score0.00618EPSS
Exploits1References1
Rows per page
Query Builder