Bricks Security Vulnerabilities and Issues — Bricks CVE List

Lucene search

BricksbuilderBricks

8 matches found

CVE•added 2024/06/04 1:15 p.m.•349 views

CVE-2024-25600

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.

10CVSS9.5AI score0.9357EPSS

CVE•added 2024/09/14 9:15 a.m.•56 views

CVE-2023-3410

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin...

5.4CVSS5.4AI score0.00079EPSS

CVE•added 2022/10/28 7:15 p.m.•55 views

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticate...

8.8CVSS6.9AI score0.07483EPSS

CVE•added 2024/08/17 9:15 a.m.•49 views

CVE-2023-3408

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including en...

4.3CVSS4.4AI score0.00051EPSS

CVE•added 2024/06/22 5:15 a.m.•47 views

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and ab...

4.3CVSS4.7AI score0.00029EPSS

CVE•added 2022/10/28 5:15 p.m.•42 views

CVE-2022-3400

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...

6.5CVSS6.3AI score0.00042EPSS

CVE•added 2025/02/27 6:15 a.m.•31 views

CVE-2024-2297

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above,...

8.8CVSS7.5AI score0.00077EPSS

CVE•added 2024/08/17 9:15 a.m.•30 views

CVE-2023-3409

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged ...

5.4CVSS5.1AI score0.00033EPSS