WordPress · Bricks · CVE-2024-2297
**Name of the Vulnerable Software and Affected Versions**
The Bricks theme for WordPress versions up to, and including, 1.9.6.1
**Description**
The vulnerability stems from insufficient validation checks in the `create autosave` AJAX function, which allows authenticated attackers with contributor-level access or higher to execute arbitrary PHP code with elevated privileges. Successful exploitation requires three conditions to hold at once: the Bricks Builder is enabled for posts, Builder access is enabled for contributor-level users, and "Code Execution" is enabled for administrator-level users within the theme's settings.
**Recommendations**
For versions up to, and including, 1.9.6.1, consider disabling the `create autosave` AJAX function until a patch is available. Additionally, restrict Builder access to contributor-level users and disable "Code Execution" for administrator-level users within the theme's settings to minimize the risk of exploitation.
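The first practical step behind both the affected-version statement and the recommendations above is confirming which Bricks version a site actually runs. The following is an added example, not code from the advisory or from the Bricks project: it reads the standard WordPress theme header (the `Version:` line in a theme's `style.css`) and compares the version numerically against 1.9.6.1, so that a version such as 1.9.10 is correctly treated as newer than 1.9.6.1 rather than compared as a string. The theme directory path `wp-content/themes/bricks` is an assumption based on the default WordPress layout, and the sample header embedded below is constructed so the script runs offline.

```python
"""Check whether an installed Bricks theme falls in the affected range for
CVE-2024-2297 (versions up to and including 1.9.6.1).

Added example, not from the advisory or from the Bricks project. It reads the
standard WordPress theme header (the "Version:" line in style.css) and compares
the version numerically. The theme directory path is an assumption (default
WordPress layout: wp-content/themes/bricks/style.css).
"""
import re
from pathlib import Path
from typing import Optional, Tuple

LAST_VULNERABLE = "1.9.6.1"  # last affected version stated in the advisory

# Constructed sample of a theme header so the example runs without a live site.
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Theme URI: https://bricksbuilder.io/
Version: 1.9.6.1
Text Domain: bricks
*/
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.9.6.1' into (1, 9, 6, 1).

    A non-numeric suffix such as '-beta' is dropped after the numeric part,
    so '1.9.7-beta' becomes (1, 9, 7) and still orders correctly.
    """
    nums = []
    for part in text.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums)


def theme_version_from_header(style_css: str) -> Optional[str]:
    """Extract the Version: header value from a WordPress style.css."""
    m = re.search(r"^\s*Version:\s*(\S+)", style_css, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_affected(version: str, last_vulnerable: str = LAST_VULNERABLE) -> bool:
    """True if version <= last_vulnerable, comparing component by component.

    Python tuple ordering treats a shorter prefix as smaller, so
    (1, 9, 6) < (1, 9, 6, 1) and 1.9.6 is correctly reported as affected,
    while (1, 9, 10) > (1, 9, 6, 1) even though "1.9.10" < "1.9.6.1" as strings.
    """
    return parse_version(version) <= parse_version(last_vulnerable)


def check_theme_dir(theme_dir: str) -> Optional[bool]:
    """Return True/False for an installed theme, or None if no version is found."""
    path = Path(theme_dir) / "style.css"
    if not path.is_file():
        return None
    version = theme_version_from_header(path.read_text(encoding="utf-8", errors="replace"))
    return is_affected(version) if version else None


if __name__ == "__main__":
    sample = theme_version_from_header(SAMPLE_STYLE_CSS)
    print(f"sample header reports {sample}: affected={is_affected(sample)}")
    # Assumed default path; adjust to the site's actual wp-content location.
    result = check_theme_dir("wp-content/themes/bricks")
    if result is None:
        print("installed theme: style.css not found or no Version: header")
    else:
        print(f"installed theme: affected={result}")
```

Run it from the WordPress root so the relative theme path resolves; a `None` result means the theme directory or its `Version:` header was not found and should be checked by hand rather than treated as safe.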