VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 8 known issues Latest disclosed Jul 28, 2025

Bricks Vulnerabilities

Review known vulnerability records for the WordPress theme Bricks (`bricks`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-6495, CVE-2024-2297 and CVE-2023-3410, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
4
Patch Coverage
100%
Last Updated
Jul 29, 2025
Priority CVE Quick Links

Fast paths into Bricks CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2024-25600 Critical 1.9.6.1
CVE-2024-25600 Bricks Remote Code Execution

Bricks <= 1.9.6 - Unauthenticated Remote Code Execution

CVE-2022-3401 High 1.5.4
CVE-2022-3401 Bricks Remote Code Execution

Bricks 1.2 - 1.5.3 - Remote Code Execution

CVE-2025-6495 High 2.0
CVE-2025-6495 Bricks SQL Injection

Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter

CVE-2024-2297 High 1.9.7
CVE-2024-2297 Bricks Privilege Escalation

Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave

CVE-2022-3400 Medium 1.5.4
CVE-2022-3400 Bricks Authorization Bypass

Bricks 1.0 - 1.5.3 - Missing Authorization to Arbitrary Content Creation/Modification

CVE-2023-3410 Medium 1.10.2
CVE-2023-3410 Bricks Stored Cross-Site Scripting

Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting

CVE-2023-3409 Medium 1.8.2
CVE-2023-3409 Bricks Cross-Site Request Forgery

Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

CVE-2023-3408 Medium 1.8.2
CVE-2023-3408 Bricks Cross-Site Request Forgery

Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Bricks so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2025-6495, CVE-2024-2297 and CVE-2023-3410
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Bricks

Sorted by latest disclosure date so newly published issues surface first.

Theme High Patched: Yes CVE-2025-6495
CVE-2025-6495: Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

Published
Jul 28, 2025
Patched Release
2.0
Affected Versions
Versions up to 1.12.4
Next Step
Update to 2.0 or newer if supported.
Open CVE-2025-6495 Report Open CVE Reference
Theme High Patched: Yes CVE-2024-2297
CVE-2024-2297: Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-leve...

Published
Feb 26, 2025
Patched Release
1.9.7
Affected Versions
Versions up to 1.9.6.1
Next Step
Update to 1.9.7 or newer if supported.
Open CVE-2024-2297 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2023-3410
CVE-2023-3410: Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Br...

Published
Sep 13, 2024
Patched Release
1.10.2
Affected Versions
Versions up to 1.10.1
Next Step
Update to 1.10.2 or newer if supported.
Open CVE-2023-3410 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2023-3408
CVE-2023-3408: Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's set...

Published
Aug 16, 2024
Patched Release
1.8.2
Affected Versions
Versions up to 1.8.1
Next Step
Update to 1.8.2 or newer if supported.
Open CVE-2023-3408 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2023-3409
CVE-2023-3409: Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's set...

Published
Aug 16, 2024
Patched Release
1.8.2
Affected Versions
Versions up to 1.8.1
Next Step
Update to 1.8.2 or newer if supported.
Open CVE-2023-3409 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2024-25600
CVE-2024-25600: Bricks <= 1.9.6 - Unauthenticated Remote Code Execution

The Bricks theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to execute code on the server.

Published
Feb 13, 2024
Patched Release
1.9.6.1
Affected Versions
Versions up to 1.9.6
Next Step
Update to 1.9.6.1 or newer if supported.
Open CVE-2024-25600 Report Open CVE Reference
Theme High Patched: Yes CVE-2022-3401
CVE-2022-3401: Bricks 1.2 - 1.5.3 - Remote Code Execution

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possib...

Published
Oct 03, 2022
Patched Release
1.5.4
Affected Versions
1.2 through 1.5.3
Next Step
Update to 1.5.4 or newer if supported.
Open CVE-2022-3401 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2022-3400
CVE-2022-3400: Bricks 1.0 - 1.5.3 - Missing Authorization to Arbitrary Content Creation/Modification

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page...

Published
Oct 03, 2022
Patched Release
1.5.4
Affected Versions
1.0 through 1.5.3
Next Step
Update to 1.5.4 or newer if supported.
Open CVE-2022-3400 Report Open CVE Reference