8.8

CVE-2022-3401

EPSS 10.85%
Veröffentlicht 28.10.2022 19:15:09
Zuletzt bearbeitet 21.11.2024 07:19:26
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Bricks 1.2 - 1.5.3 - Remote Code Execution

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

Mögliche Gegenmaßnahme

Bricks: Update to version 1.5.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Theme

≫

Produkt Bricks

Version 1.2-1.5.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bricksbuilder ≫ Bricks SwPlatformwordpress Version >= 1.2 < 1.5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.85%	0.932

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://bricksbuilder.io/

Vendor Advisory

Product

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3401

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2471d06b-7d9a-41b9-b38c-3f40322d8a5b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3401

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3401

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3401

EUVD