Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Bricks Builder

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-41554
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 13:28
Updated-07 May, 2026 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.

Action-Not Available
Vendor-Bricks
Product-Bricks Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4874
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.44%
||
7 Day CHG~0.00%
Published-22 Jun, 2024 | 04:32
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bricks Builder <= 1.9.8 - Insecure Direct Object Reference

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type.

Action-Not Available
Vendor-bricksbuilderBricksBuilder
Product-bricksBricks Builder
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-25600
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-93.81% / 99.87%
||
7 Day CHG-0.07%
Published-04 Jun, 2024 | 12:51
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.

Action-Not Available
Vendor-Codeer Limitedbricksbuilder
Product-Bricks Builderbricks
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')