Vulnerabilities > Bricksbuilder
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-22 | CVE-2024-4874 | Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. | 4.3 |
2022-10-28 | CVE-2022-3401 | Unspecified vulnerability in Bricksbuilder Bricks The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. | 8.8 |
2022-10-28 | CVE-2022-3400 | Missing Authorization vulnerability in Bricksbuilder Bricks The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. | 6.5 |