Vulnerabilities > Bricksbuilder

DATE CVE VULNERABILITY TITLE RISK
2024-09-14 CVE-2023-3410 Cross-site Scripting vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
bricksbuilder CWE-79
5.4
5.4
2024-08-17 CVE-2023-3408 Cross-Site Request Forgery (CSRF) vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1.
network
low complexity
bricksbuilder CWE-352
4.3
4.3
2024-08-17 CVE-2023-3409 Cross-Site Request Forgery (CSRF) vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1.
network
low complexity
bricksbuilder CWE-352
4.3
4.3
2024-06-22 CVE-2024-4874 Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key.
network
low complexity
bricksbuilder CWE-639
4.3
4.3
2022-10-28 CVE-2022-3401 Unspecified vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3.
network
low complexity
bricksbuilder
8.8
8.8
2022-10-28 CVE-2022-3400 Missing Authorization vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3.
network
low complexity
bricksbuilder CWE-862
6.5
6.5