CVE-2024-2297

27 Feb 2025

Título es
CVE-2024-2297

Jue, 27/02/2025 – 06:15

Tipo
CWE-269

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-2297

Descripción en
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings.

27/02/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

Bricks 1.9.7

https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve

Enviar en el boletín
Off

CVE-2024-2297

CVE-2024-2297

Jose Alexis Correa Valencia