VYPR
← All advisories
High severity7.5NVD Advisory· Published Jul 29, 2025· Updated Apr 15, 2026

CVE-2025-6495

CVE-2025-6495

Description

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Blind SQL injection in Bricks theme ≤1.12.4 allows unauthenticated data extraction via crafted 'p' parameter.

Vulnerability

Overview The Bricks theme for WordPress versions up to 1.12.4 are vulnerable to blind SQL injection through the 'p' parameter. The issue arises from insufficient escaping of user-supplied input and inadequate preparation of the SQL query, allowing an unauthenticated attacker to append arbitrary SQL clauses to existing queries [1].

Exploitation

Details This vulnerability can be triggered without authentication. However, the injection is time-based or blind, meaning an attacker cannot directly read or modify database contents. Instead, they must infer information by observing response delays or other indirect techniques, making exploitation complex and less practical in real-world scenarios [1].

Impact

Assessment Successful exploitation could enable an attacker to extract sensitive information from the database, such as user credentials or configuration data, though the blind nature limits the efficiency of data retrieval. There is no evidence of active exploitation in the wild as of the advisory [1].

Mitigation

The vulnerability is patched in Bricks version 2.0 and also in a hotfix release 1.12.5. Users are strongly advised to update immediately. The vendor also provides instructions for applying the patch manually [1].

References
  1. Bricks 2.0

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.