cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3410,https://securityvulnerability.io/vulnerability/CVE-2023-3410,Stored Cross-Site Scripting Vulnerability in Bricks Theme,"The Bricks theme for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability via the 'customTag' attribute. This issue arises from inadequate input sanitization and output escaping in versions up to and including 1.10.1. Authenticated attackers, particularly those with access to the Bricks Builder, can exploit this weakness to inject malicious web scripts into pages. These scripts execute whenever a user accesses the compromised page, jeopardizing the security of user data and interactions. The risk is amplified when admin access is inadvertently granted to lower-privileged users.",Wordpress,Bricks,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-14T08:37:20.494Z,0
CVE-2023-3408,https://securityvulnerability.io/vulnerability/CVE-2023-3408,Bricks theme vulnerable to Cross-Site Request Forgery,"The Bricks theme for WordPress contains a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in its 'save_settings' function. This vulnerability allows unauthenticated attackers to manipulate the theme's settings. Specifically, it could enable them to permit lower-privileged users, including contributors, to execute code, provided they successfully deceive a site administrator into performing an action such as clicking on a malicious link. Website administrators must secure their installations to prevent such unauthorized modifications and potential exploitation.",Wordpress,Bricks,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-17T08:37:24.796Z,0
CVE-2023-3409,https://securityvulnerability.io/vulnerability/CVE-2023-3409,Bricks Theme Vulnerable to Cross-Site Request Forgery,"The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.8.1. This security flaw arises from inadequate nonce validation in the 'reset_settings' function. As a result, unauthenticated attackers could manipulate the theme's settings by crafting a forged request. Such attackers typically rely on social engineering to mislead site administrators into clicking on malicious links, thereby executing the forged requests. It is critical for users of the Bricks theme to apply the necessary updates to keep their websites secure.",Wordpress,Bricks,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-17T08:37:23.103Z,0
CVE-2024-4874,https://securityvulnerability.io/vulnerability/CVE-2024-4874,Vulnerability in Bricks Builder Plugin Allows Authenticated Attackers to Modify Posts and Pages Created by Other Users,"The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users, including admins. As a prerequisite, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type.",Wordpress,Bricks Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-22T04:32:03.446Z,0
CVE-2022-3401,https://securityvulnerability.io/vulnerability/CVE-2022-3401,Remote Code Execution Vulnerability in Bricks Theme for WordPress,"The Bricks theme for WordPress presents a risk of remote code execution because it allows site editors to embed executable code blocks directly in website content. This vulnerability affects versions 1.2 through 1.5.3 and can be exploited by authenticated attackers with minimal permissions, such as subscribers. These users can manipulate any page, post, or template on the vulnerable site, enabling them to inject code execution blocks that could lead to significant security breaches.",Wordpress,Bricks,8.8,HIGH,0.0019199999514967203,false,,false,false,false,,false,false,2022-10-28T18:12:10.719Z,0
CVE-2022-3400,https://securityvulnerability.io/vulnerability/CVE-2022-3400,Authorization Bypass in Bricks Theme for WordPress,"The Bricks theme for WordPress is exposed to an authorization bypass vulnerability due to a lack of sufficient capability checks within the bricks_save_post AJAX action. This flaw allows authenticated users with minimal access, such as subscribers, to manipulate any page, post, or template on the WordPress site. Website owners should promptly update to the latest version to mitigate the risk of unauthorized content alterations.",Wordpress,Bricks,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-10-28T16:57:41.482Z,0