CVE Vulnerability

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bricksbuilder.io/ Product Vendor Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3401 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-10-28 07:15

Updated : 2022-11-03 02:14

NVD link : CVE-2022-3401

Mitre link : CVE-2022-3401

Products Affected
No products.
CWE
CWE-94