Authorization Bypass in Bricks Theme for WordPress
CVE-2022-3400

6.5MEDIUM

Key Information:

Vendor
Bricks Builder
Status
Bricks
Vendor
CVE Published:
28 October 2022

Summary

The Bricks theme for WordPress is exposed to an authorization bypass vulnerability due to a lack of sufficient capability checks within the bricks_save_post AJAX action. This flaw allows authenticated users with minimal access, such as subscribers, to manipulate any page, post, or template on the WordPress site. Website owners should promptly update to the latest version to mitigate the risk of unauthorized content alterations.

Affected Version(s)

Bricks 1.0 <= 1.5.3

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.