Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
WordPress theme Bricks 安全漏洞
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress theme是WordPress的一款主题。 WordPress theme Bricks 1.0至1.5.3版本存在安全漏洞,该漏洞源于其缺少对bricks_save_post AJAX操作的功能检查,使得具有最小权限的认证攻击者(如订阅者)可以编辑易受攻击的WordPress网站上的任何页面、帖子或模板。
CVSS Information
N/A
Vulnerability Type
N/A