Authorization Bypass in Bricks Theme for WordPress
CVE-2022-3400
6.5MEDIUM
Key Information:
- Vendor
- Bricks Builder
- Status
- Bricks
- Vendor
- CVE Published:
- 28 October 2022
Summary
The Bricks theme for WordPress is exposed to an authorization bypass vulnerability due to a lack of sufficient capability checks within the bricks_save_post AJAX action. This flaw allows authenticated users with minimal access, such as subscribers, to manipulate any page, post, or template on the WordPress site. Website owners should promptly update to the latest version to mitigate the risk of unauthorized content alterations.
Affected Version(s)
Bricks 1.0 <= 1.5.3
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved