Stored Cross-Site Scripting Vulnerability in Bricks Theme
CVE-2023-3410
5.4MEDIUM
What is CVE-2023-3410?
The Bricks theme for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability via the 'customTag' attribute. This issue arises from inadequate input sanitization and output escaping for versions up to and including 1.10.1. Authenticated attackers, particularly those with access to the Bricks Builder, can exploit this weakness to inject malicious web scripts into the pages. These scripts will execute upon any user accessing the compromised page, effectively jeopardizing the security of user data and interactions. This risk amplifies further when admin access is inadvertently granted to lower-privileged users.
Affected Version(s)
Bricks * <= 1.10.1