Primary

Context

Bricks WordPress Theme Privilege Escalation Vulnerability

Vulnerability

Patched

A privilege escalation vulnerability has been identified in the Bricks WordPress theme, affecting all versions through 1.9.6.1. The issue arises from inadequate validation on the create_autosave AJAX function, allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP code with administrator privileges. Successful exploitation requires the Bricks Builder to be active for posts, Builder access for contributor-level users, and 'Code Execution' enabled for administrators in the theme settings.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling contributors to execute code with administrator rights.

Remediation

Users are advised to update to Bricks version 1.9.7 or a later patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bricks WordPress Theme Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Bricks

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating