
196 matches found

CVE
added 2024/08/17 8:37 a.m. · 61 views

CVE-2023-3408

CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...

CVSS 4.3 · AI score 4.4 · EPSS 0.00227
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/08/17 8:37 a.m. · 15 views

CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

CVSS 4.3 · EPSS 0.00227
Exploits: 0 · References: 2
Cvelist
added 2024/08/17 8:37 a.m. · 19 views

CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...

CVSS 5.4 · EPSS 0.00187
Exploits: 0 · References: 2
Vulnrichment
added 2024/08/17 8:37 a.m. · 9 views

CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...

CVSS 5.4 · AI score 6.4 · EPSS 0.00187
Exploits: 0 · References: 2
CVE
added 2024/08/17 8:37 a.m. · 39 views

CVE-2023-3409

CVE-2023-3409 affects Bricks theme for WordPress, with CSRF via reset_settings due to missing/incorrect nonce validation in versions up to 1.8.1. Unauthenticated attackers can reset settings by forging requests that trick a site admin. The vulnerability is cataloged as patched in public advisorie...

CVSS 5.4 · AI score 5.1 · EPSS 0.00187
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/08/17 12:0 a.m. · 7 views

PT-2024-12465 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...

CVSS 4.3 · AI score 7.3 · EPSS 0.00227
Exploits: 0 · References: 8
CNNVD
added 2024/08/17 12:0 a.m. · 2 views

WordPress plugin Bricks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 4.3 · AI score 6.5 · EPSS 0.00227
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/17 12:0 a.m. · 4 views

PT-2024-12466 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the reset settings function, making it possible for unauthenticated attackers to reset the theme's...

CVSS 5.4 · AI score 6.5 · EPSS 0.00187
Exploits: 0 · References: 8
CNNVD
added 2024/08/17 12:0 a.m. · 2 views

WordPress plugin Bricks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 6.6 · EPSS 0.00187
Exploits: 0 · References: 3
Tenable Nessus
added 2024/07/18 12:0 a.m. · 13 views

Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution

The WordPress Bricks Theme installed on the remote host is affected by a vulnerability allowing an unauthenticated attacker to execute arbitrary code via a specially forged request. No source data...

CVSS 10 · AI score 8.4 · EPSS 0.87452
Exploits: 16 · References: 3
Patchstack
added 2024/06/24 10:2 a.m. · 7 views

WordPress Bricks Builder plugin <= 1.9.8 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by Francesco Carlucci in WordPress Plugin Bricks Builder Premium versions <= 1.9.8...

CVSS 4.3 · AI score 7 · EPSS 0.00314
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/06/24 12:0 a.m. · 13 views

WordPress Bricks Builder (Premium) Plugin <= 1.9.8 is vulnerable to Insecure Direct Object References (IDOR)

Software: Bricks Builder Premium · Type: Plugin · Vulnerable versions: <= 1.9.8 · Fixed in: 1.9.9 · OWASP Top 10: A5: Security Misconfiguration · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-4874 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: 25f017e35793 · Credits...

CVSS 4.3 · AI score 6.8 · EPSS 0.00314
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/06/22 5:15 a.m. · 32 views

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 · EPSS 0.00314
Exploits: 0 · References: 2
OSV
added 2024/06/22 5:15 a.m. · 9 views

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 · AI score 5.8 · EPSS 0.00314
Exploits: 0 · References: 2
CVE
added 2024/06/22 4:32 a.m. · 59 views

CVE-2024-4874

CVE-2024-4874 affects Bricks Builder for WordPress (Bricks Builder plugin) up to version 1.9.8. It is an Insecure Direct Object Reference via postId due to missing validation on a user-controlled key, enabling authenticated attackers with Contributor-level access and above to modify posts and pag...

CVSS 4.3 · AI score 4.7 · EPSS 0.00314
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/06/22 4:32 a.m. · 33 views

CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 · EPSS 0.00314
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/22 4:32 a.m. · 18 views

CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00314
Exploits: 0 · References: 2
CNNVD
added 2024/06/22 12:0 a.m. · 7 views

WordPress plugin Bricks Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.9 · EPSS 0.00314
Exploits: 0 · References: 3
GithubExploit
added 2024/06/06 3:59 a.m. · 424 views

Exploit for CVE-2024-25600

TG Join Us: https://t.me/WanLiChangChengWanLiChang Join us f...

CVSS 10 · AI score 7.5 · EPSS 0.87452
Exploits: 16
NVD
added 2024/06/04 1:15 p.m. · 27 views

CVE-2024-25600

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6...

CVSS 10 · AI score 9.6 · EPSS 0.87452
Exploits: 16 · References: 5