CVE-2022-3400

Name of the Vulnerable Software and Affected Versions The Bricks theme for WordPress versions 1.0 through 1.5.3

Description The issue is related to authorization bypass due to a missing capability check on the bricks save post AJAX action. This allows authenticated attackers with minimal permissions to edit any page, post, or template on the vulnerable WordPress website.

Recommendations For versions 1.0 through 1.5.3, consider disabling the bricks save post AJAX action until a patch is available to prevent exploitation. Restrict access to editing pages, posts, or templates to minimize the risk of unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.