CVE-2022-3400
CVE-2022-3400
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
CVSS:3.1/A:N/I:H/C:N/S:U/UI:N/PR:L/AC:L/AV:N
Affected products
Bricks Builder · BricksWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →