VYPR
Vendor

Bricksbuilder

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2024-25600CriJun 4, 2024
    risk 0.76cvss 10.0epss 0.87

    Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.

  • CVE-2025-6495HigJul 29, 2025
    risk 0.49cvss 7.5epss 0.00

    The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

  • CVE-2026-41554HigMay 7, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.

  • CVE-2024-4874MedJun 22, 2024
    risk 0.28cvss 4.3epss 0.00

    The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with…

  • CVE-2022-3401Oct 28, 2022
    risk 0.01cvss epss 0.02

    The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it…

  • CVE-2024-2297Feb 27, 2025
    risk 0.00cvss epss 0.00

    The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with…

  • CVE-2023-3410Sep 14, 2024
    risk 0.00cvss epss 0.00

    The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the…

  • CVE-2023-3408Aug 17, 2024
    risk 0.00cvss epss 0.00

    The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's…

  • CVE-2023-3409Aug 17, 2024
    risk 0.00cvss epss 0.00

    The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's…

  • CVE-2022-3400Oct 28, 2022
    risk 0.00cvss epss 0.01

    The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any…