198 matches found
WordPress Bricks 1.9.6 Remote Code Execution
This tool is designed to exploit the CVE-2024-25600 vulnerability found in the Bricks Builder plugin for WordPress versions 1.9.6 and below. The vulnerability allows for unauthenticated remote code execution on affected websites. The tool automates the exploitation process by retrieving nonces an...
CVE-2025-6495
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
CVE-2025-6495
CVE-2025-6495 affects the Bricks theme for WordPress (prior to 1.12.5; versions up to 1.12.4) with a blind SQL Injection via the p parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitation is unauthenticated and can lead to leakage of sensitive data. Remediation...
CVE-2025-6495 Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
WordPress plugin Bricks SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-31168 · WordPress · Bricks Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Bricks theme for WordPress versions prior to 1.12.5. Description: The Bricks theme for WordPress is susceptible to a blind SQL Injection issue via the p parameter. Insufficient escaping of user-supplied input and inadequate preparation of...
WordPress Bricks Builder plugin <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter vulnerability
Unauthenticated SQL Injection via p Parameter vulnerability discovered by Jamie Burchell in WordPress Theme Bricks Builder versions <= 1.12.4...
WordPress Bricks Builder Theme <= 1.12.4 is vulnerable to SQL Injection
Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.12.4; Fixed in: 2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2025-6495; Patch priority: High; CVSS severity: High 9.3; PSID: a75c4498f744; Credits: Jamie Burchell; Required privilege: Unauthenticated...
VulnCheck KEV: CVE-2025-6495
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
Exploit for CVE-2024-25600
Bricks Builder RCE Exploit CVE-2024-25600 This project cont...
CVE-2024-49665
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS. This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1...
CVE-2024-51663
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder bricksable allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through <= 1.6.59...
CVE-2024-4874
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2023-3410
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag’ attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
CVE-2023-3409
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'resetsettings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged...
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...
WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...