Описание
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0 (включая) до 1.5.3 (включая)
cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 36%
0.0015
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
EPSS
Процентиль: 36%
0.0015
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-862