← back
CVE-2022-3400

CVE-2022-3400

CVSS 6.5 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
CVSS:3.1/A:N/I:H/C:N/S:U/UI:N/PR:L/AC:L/AV:N
Affected products
Bricks Builder · Bricks

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →