Authorization Bypass in Bricks Theme for WordPress
CVE-2022-3400
6.5MEDIUM
What is CVE-2022-3400?
The Bricks theme for WordPress is exposed to an authorization bypass vulnerability due to a lack of sufficient capability checks within the bricks_save_post AJAX action. This flaw allows authenticated users with minimal access, such as subscribers, to manipulate any page, post, or template on the WordPress site. Website owners should promptly update to the latest version to mitigate the risk of unauthorized content alterations.
Affected Version(s)
Bricks 1.0 <= 1.5.3