← Back

CVE-2022-3401

nvd nist
Published: Oct 28, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

Affected (1)

Bricksbuilder
1 product
Bricks
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Bricks
From 1.2 to 1.5.4

References (4)

Source: security@wordfence.com
ProductVendor Advisory
Source: security@wordfence.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.