Lucene search

WpvulndbWPVDB-ID:201857E6-9211-4E84-97E8-1E1EED2B1653

HistoryApr 11, 2024 - 12:00 a.m.

Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Update

2024-04-1100:00:00

wpscan.com

bricksforge

wordpress

vulnerability

unauthorized access

capability check

unauthenticated attackers

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to update arbitrary WordPress settings.

References

www.wordfence.com/threat-intel/vulnerabilities/id/73445d8f-1f9c-4ba7-9e3c-3e6221f3b23e

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:201857E6-9211-4E84-97E8-1E1EED2B1653