The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
References
Link | Resource |
---|---|
https://bricksbuilder.io/ | Product |
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3400 | Third Party Advisory |
https://bricksbuilder.io/ | Product |
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3400 | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://bricksbuilder.io/ - Product | |
References | () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3400 - Third Party Advisory |
28 Oct 2022, 18:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-28 17:15
Updated : 2024-11-21 07:19
NVD link : CVE-2022-3400
Mitre link : CVE-2022-3400
CVE.ORG link : CVE-2022-3400
JSON object : View
Products Affected
bricksbuilder
- bricks
CWE
CWE-862
Missing Authorization