CVE-2022-3400

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
References () https://bricksbuilder.io/ - Product () https://bricksbuilder.io/ - Product
References () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3400 - Third Party Advisory () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3400 - Third Party Advisory

28 Oct 2022, 18:52

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-28 17:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3400

Mitre link : CVE-2022-3400

CVE.ORG link : CVE-2022-3400


JSON object : View

Products Affected

bricksbuilder

  • bricks
CWE
CWE-862

Missing Authorization