CVE-2024-2297
The Bricks WordPress theme (Bricks) is vulnerable to authenticated Privilege Escalation via the create_autosave AJAX function in versions up to and including 1.9.6.1. Exploitation requires Post Builder to be enabled, builder access for contributor-level users, and Code Execution enabled for admin...
CVE-2023-3410
CVE-2023-3410 affects the Bricks theme for WordPress. Versions up to and including 1.10.1 are vulnerable to a Stored Cross-Site Scripting (XSS) via the ‘customTag’ attribute caused by insufficient input sanitization and output escaping. The issue can be exploited by authenticated attackers with B...
CVE-2022-3401
CVE-2022-3401 concerns the Bricks theme for WordPress. The connected documents report a remote code execution vulnerability in versions 1.2–1.5.3 caused by the theme allowing editors to include executable code blocks in content, which, together with the related authorization bypass (CVE-2022-3400...
CVE-2023-3408
CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...
CVE-2024-4874
CVE-2024-4874 affects the Bricks Builder plugin for WordPress up to and including version 1.9.8. It is an Insecure Direct Object Reference via postId due to missing validation on a user-controlled key, enabling authenticated attackers with Contributor-level access and above to modify posts and pag...
CVE-2022-3400
The Bricks theme for WordPress (versions 1.0–1.5.3) is vulnerable to an authorization bypass due to a missing capability check on the bricks_save_post AJAX action. This allows authenticated users with minimal rights (e.g., a subscriber) to edit any page, post, or template on affected sites. Relat...
CVE-2023-3409
CVE-2023-3409 affects the Bricks theme for WordPress: a CSRF flaw in reset_settings due to missing/incorrect nonce validation in versions up to and including 1.8.1. Unauthenticated attackers can reset settings by forging requests that trick a site admin. The vulnerability is cataloged as patched in public advisorie...