196 matches found
CVE-2023-3408
CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...
CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...
CVE-2023-3409
CVE-2023-3409 affects the Bricks theme for WordPress, with CSRF via reset_settings due to missing/incorrect nonce validation in versions up to 1.8.1. Unauthenticated attackers can reset settings by forging requests that trick a site admin. The vulnerability is cataloged as patched in public advisorie...
PT-2024-12465 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1. Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...
WordPress plugin Bricks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-12466 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1. Description: The issue is due to missing or incorrect nonce validation on the reset settings function, making it possible for unauthenticated attackers to reset the theme's...
WordPress plugin Bricks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution
The WordPress Bricks Theme installed on the remote host is affected by a vulnerability allowing an unauthenticated attacker to execute arbitrary code via a specially forged request. No source data...
WordPress Bricks Builder plugin <= 1.9.8 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Francesco Carlucci in WordPress Plugin Bricks Builder Premium versions <= 1.9.8...
WordPress Bricks Builder (Premium) Plugin <= 1.9.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: Bricks Builder Premium; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: 1.9.9; OWASP Top 10: A5: Security Misconfiguration; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4874; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 25f017e35793; Credits...
CVE-2024-4874
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-4874
CVE-2024-4874 affects Bricks Builder for WordPress (Bricks Builder plugin) up to version 1.9.8. It is an Insecure Direct Object Reference via postId due to missing validation on a user-controlled key, enabling authenticated attackers with Contributor-level access and above to modify posts and pag...
CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress plugin Bricks Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Exploit for CVE-2024-25600
TG Join Us: https://t.me/WanLiChangChengWanLiChang Join us f...
CVE-2024-25600
Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6...